{ "analysis_details": { "creation_time": "2018-01-26 18:51 (UTC+1)", "execution_successful": true, "number_of_processes": 13, "reputation_enabled": true, "termination_reason": "timeout", "type": "analysis_details", "version": 2, "vm_analysis_duration_time": "00:10:27" }, "artifacts": { "files": [ { "filename": "STD_ERROR_HANDLE", "hashes": [], "norm_filename": "std_error_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bi35.exe", "hashes": [ { "md5_hash": "2548e6fc9eb17e55d22dcfb4bf27212d", "sha1_hash": "93dd44a5f16cedd2f4793bd8b9a19523d49fc9e8", "sha256_hash": "5d53050a1509bcc9d97552fa52c1105b51967f4ccf2bde717b502605db1b5011", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\bi35.exe", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Recovery\\WindowsRE\\ReAgent.xml", "hashes": [ { "md5_hash": "b54a23c3a7b39a79fac497dc373bbd78", "sha1_hash": "a436612cd0a6b71203adee2ec4c54e57100198ca", "sha256_hash": "e49227c9eca563bc13f73bbd8c27231be8720a3793531e14547944851886513d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\windowsre\\reagent.xml", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\004-sn-0z5C.wav", "hashes": [ { "md5_hash": "0f1459dde60a316ff823e5d139c35369", "sha1_hash": "771bd564cb340ab471a52d5bdd9cabca2cca3be1", "sha256_hash": "9f8bfa505d1427cf2580717fb15df2e836367faa754bff27b2c967989d6f8985", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\004-sn-0z5c.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\1WmQLmoja01-EP.gif", "hashes": [ { "md5_hash": "c985de94f816b08c703d1e8d93f38deb", "sha1_hash": "0ee384ce272d390e882f951f253fd9d2fe0c810f", "sha256_hash": "0f4865b1175da7e03fdb6f4987e1f68cdcef4b67e8f60fb8e30b3deea9963810", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\1wmqlmoja01-ep.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\4SCtkxF.ots", "hashes": [ { "md5_hash": "abff62fdf29c0c95ac6844262ab0d021", "sha1_hash": "ac7e41be580eab8ddaedc3088ac224da241df886", "sha256_hash": "729c5213b77c8ca608f8029cc8b342ac3c7de3ca614d851e43ed86f987f89545", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\4sctkxf.ots", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\6ttfnwVzD3wR1.wav", "hashes": [ { "md5_hash": "73cf5cc0544c3516cf1336480a2916a5", "sha1_hash": "ac4277e0ac06f1c5bdb8b71ad3d34c3f287dddf5", "sha256_hash": "0c3ba80c00a2f1b7df032bd62d17281a5597a3a5414325feeba810e16618bff6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\6ttfnwvzd3wr1.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\8MU6pxFxklXwXFC.m4a", "hashes": [ { "md5_hash": "ee9242e408267dfad7b630abd510826f", "sha1_hash": "735a08f05a58a7dc91196e380cfa32270ad1384e", "sha256_hash": "3337830f27794128aae98c9549e4423d880f86358ea4684f0fb6f284350871f8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\8mu6pxfxklxwxfc.m4a", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\Logs\\ulog_AcroARM2_Reader_c8be971a-de95-4557-abcb-db98e0788e08_00209595-b6ba-4fa7-88b0-97083d4c2159_0.log", "hashes": [ { "md5_hash": "e9a8880e462c8674dace0cb09394f7c1", "sha1_hash": "0b7883ceaf8b1b241054c889cd4ac4fa6090d54d", "sha256_hash": "bdeb8a73af6dbb1f3916252969669a1a5eb79c1536cd215770d6954ca563ed2e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_00209595-b6ba-4fa7-88b0-97083d4c2159_0.log", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\Logs\\ulog_AcroARM2_Reader_c8be971a-de95-4557-abcb-db98e0788e08_56653bcd-022e-4023-b1f6-9926fada0024_0.log", "hashes": [ { "md5_hash": "49e7890b98e4442c515ccc9b49868c23", "sha1_hash": "7345966c786336a8958b252471e50f15c02deb49", "sha256_hash": "1214c9d673d0ddf85d399eebcfb9e253b3b9cab58d8b4633c19883d36e808a12", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_56653bcd-022e-4023-b1f6-9926fada0024_0.log", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\LogTransport2.cfg", "hashes": [ { "md5_hash": "d8cdf288e13aadb2ce14a68a669f630a", "sha1_hash": "af0df73951537463b1487d42a99e27d7300262cd", "sha256_hash": "31e88e523d65f182fb89bb2a06530a1e5403047db3e4fff4320a3a30832aaf5b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logtransport2.cfg", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Sonar\\Sonar1.0\\sonar_policy.xml", "hashes": [ { "md5_hash": "0c27e5c8b0aa653b07acefc50652d175", "sha1_hash": "d217de833b350ab50ba97c238cbcc18704859f29", "sha256_hash": "e0674cc38b38e8e3d90037c5708061d4af4e9ec1f5a637d1cdaf8d042fe172c6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\sonar\\sonar1.0\\sonar_policy.xml", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\CztjLRmT.bmp", "hashes": [ { "md5_hash": "18e9c822299394be54340564c9495fb9", "sha1_hash": "8bc8db3d2e1665627517a438f14b10d456189d71", "sha256_hash": "89962cf39be2b75f7426d6587173960e24133af7634ee946681f7809d5ce980b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\cztjlrmt.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\ExocxBlrLmuRHv.gif", "hashes": [ { "md5_hash": "4fd8b71eb547e80a511dea90be2d937e", "sha1_hash": "513a365e82651b25951bc673a31a92c69cbb149f", "sha256_hash": "41a0166c378b2e435300c9445ad20385da33592f6aae8b4f083de3118104a9ad", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\exocxblrlmurhv.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\FCmH0Q4.bmp", "hashes": [ { "md5_hash": "33fdf31ed083a84ce2717ffb862ae2e0", "sha1_hash": "8c8812203e8f54e2bcd491ce29ccdfb8ff0efbb7", "sha256_hash": "b43655c0d7d972ee2bf316f757c05f9acd99809c4d730bc6ed99ddb92f77f871", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\fcmh0q4.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\imbMbOER.ppt", "hashes": [ { "md5_hash": "0ddfd813a62431944e9b86bc00b0c1e3", "sha1_hash": "56e9635f12557abb4b74e6765c41a97aee797d94", "sha256_hash": "5e2349f3cfc00d0623f1168d723ea63d9e371b6ae4496bd2c88f930b19526e08", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\imbmboer.ppt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\ixwxy.png", "hashes": [ { "md5_hash": "f84242aad257414c6299394eaef94f9c", "sha1_hash": "87b0ce6ba99aab6f95d4e42a442ec6091a1f3287", "sha256_hash": "848fb7439563b074c3cafd736a079171778af3d77dc4ec1dd37c2e308ad62da8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ixwxy.png", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\jxoh-EFt2nW-t9X.wav", "hashes": [ { "md5_hash": "b5415449808e3c6932f4f94d1761bb37", "sha1_hash": "a0158afe4f3177fb8c838b46da76c89a637f17b6", "sha256_hash": "2a12c5c57bddc771133012588410bd27b00e5c5aa4f38e08d77805b17b9be816", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\jxoh-eft2nw-t9x.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\ldeazaydq H9.jpg", "hashes": [ { "md5_hash": "1a47edbd8f8d1889567df663c75e238f", "sha1_hash": "80a1751c44bf254cdc45a879f337048120065548", "sha256_hash": "db8c32bdd3d523dd3327bc56d93e63a74f7be65c3f926cc96b9d18e33832e6ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ldeazaydq h9.jpg", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\LSI0fbp1d3.flv", "hashes": [ { "md5_hash": "939b6ecc6f0aa446c5299714281818cf", "sha1_hash": "40b02c8e732ea82fd2055347bb2510eb73049ebe", "sha256_hash": "32791fd4f7b088308114afd699eb68b8a2adbbae87390a71d3729fa503202ebb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lsi0fbp1d3.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\lxRXkBM2nNswBBWWBk42.mp4", "hashes": [ { "md5_hash": "332b91fdf7f7aeba767b44d868a765b9", "sha1_hash": "1e186a019d9f1206dcc31664ccf280f05673e55c", "sha256_hash": "0b92c0b6c77f30eab7f9ad126587ad43ae31dcd64cf5de5792cdf783991bfa62", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lxrxkbm2nnswbbwwbk42.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", "hashes": [ { "md5_hash": "8e8c7452e491075de50f5e9a84a2905f", "sha1_hash": "6a56eafd259c03d9038640e65c04e06c777a6918", "sha256_hash": "98f04c9c24889b943e54bed16be1c26ac46df40e5618e9b8fe57af8b441dd8ab", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", "hashes": [ { "md5_hash": "17dad9f4045de6bceb1598659d4c8c5a", "sha1_hash": "f1116dc673d7f32d1d5e727f08c18e3be3a9e6be", "sha256_hash": "5e325548acad4849cc825bb073774b29004488bce2942e5f47d36b0d071d9bb2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\office\\recent\\index.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\Preferences.dat", "hashes": [ { "md5_hash": "60933f9f1dd6608884f46526bfcc62f2", "sha1_hash": "d60250ead57dd4dd0d711191546713fe55a6e40d", "sha256_hash": "9ecc1aa70a74f8f3fb3a94b4e4529d55b4d9bb5701058c2dbf9e6f9f373afa7e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\onenote\\16.0\\preferences.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs", "hashes": [ { "md5_hash": "4f1121df7817b939d28f8853a82910b9", "sha1_hash": "9c7c9b74a28b541ab43a08797d5a7ce1b19238a5", "sha256_hash": "380a1f0a103ed3ded033a0759cd64e3007792e094f58ee01e6f46cfcf1d16624", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.srs", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", "hashes": [ { "md5_hash": "96d99e275adaad30e6e1d1c79a424e8d", "sha1_hash": "223ff832d6bd7ef200da2fc1669a2e2770355f63", "sha256_hash": "b08df0b6489862834b419808312bb6b5b06bdca4604344a9a201a629d882550c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.xml", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Calendar insights.xltm", "hashes": [ { "md5_hash": "9ace8d3f5804bec2bf33322bbd7634f2", "sha1_hash": "a5f7bdbae0f3bbfc5f8005b13c6bd38fb22bc3c8", "sha256_hash": "9a745102c9d7ffa9789062f6a95a6c62ac685971c15c072a0afce0c355cb6cca", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\calendar insights.xltm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Cashflow analysis.xltm", "hashes": [ { "md5_hash": "f4f0fae8060d4b08ae97df8fbcbc778a", "sha1_hash": "4bbbf4874ac53fd766f33e21a89112c9a312d646", "sha256_hash": "fce588c4aa8dad0103095bec57de759262ad9375eec73cdb1d4f59fcc392663c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\cashflow analysis.xltm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Email Insights.xltm", "hashes": [ { "md5_hash": "8d95a48beceba8f02826bc19d41d757b", "sha1_hash": "25ed003799a398df182d45e21bbce9581e5ffbd1", "sha256_hash": "dbe9e6b516890cc3fff90caabf3406974ba8ca0bdef492a7138b354860e4fae7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\email insights.xltm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm", "hashes": [ { "md5_hash": "a1f1d47ce549e3030af0fc7ebbf1ddf4", "sha1_hash": "d2eef073cfe342424dc5037aaf80a9053d856c48", "sha256_hash": "69560b53a62f017be4dadda81b79f7dba384f6490bb5d89ac254025c73babf0e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\normal.dotm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Process Map for Basic Flowchart.xltx", "hashes": [ { "md5_hash": "4125923df0d5c4f8c5f8fbe6d953f890", "sha1_hash": "9b1d3550bf89fc2d0a150f65b08e60d23bf7d68f", "sha256_hash": "845e7fae5297ef9160843a26088ade29b34791d1519c009e5c138b9d09550015", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for basic flowchart.xltx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Process Map for Cross-Functional Flowchart.xltx", "hashes": [ { "md5_hash": "06be6a0f948f33e4925148ac17e57a7a", "sha1_hash": "401063e54ac2fca064d0d62d5508936da4353ce6", "sha256_hash": "467b8d5fb7efee0fee5eb90b0b376d01b47ce3449f0806bd23258b9d4b4040a7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for cross-functional flowchart.xltx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Stock symbols comparison.xltm", "hashes": [ { "md5_hash": "47157eb06e51d5598d4e50d3ffdce68c", "sha1_hash": "754bae77c4fbde31bbf4f9cd7f01522a923a1b10", "sha256_hash": "000bf1b2ffae653fc0165337f881adb2bf84dce78848b89740d892e5c62e5075", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\stock symbols comparison.xltm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Welcome to Excel.xltx", "hashes": [ { "md5_hash": "e855d4238bfb403c0e8a9a8ce692374d", "sha1_hash": "6ec7ee5763c5da5388cc640811d7719cb3d74c66", "sha256_hash": "7bb0213fbe8377d4a2ad86fb472f7348c3327bead9afd7b7c7a103d2317f2709", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\welcome to excel.xltx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg", "hashes": [ { "md5_hash": "928f5eddd1ad2f0d337d43e0255ac530", "sha1_hash": "34f5af6657e94adf4abb54bdc7033d7498ba1020", "sha256_hash": "c7e3a962018b3fe78fd6992cba2e16db651ffad02d178b1aa453cda36c94100f", "type": "file_hash", "version": 1 }, { "md5_hash": "340d913d43779ca4eca5063e73d6385e", "sha1_hash": "bf9eb984a0f2e916aa8a30e0489deab28c5209d8", "sha256_hash": "0563766b6648a1bf9149b1144b2f65408dfdea38926379fdd4dd33d853ca3162", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\mj7J-R46l5.pptx", "hashes": [ { "md5_hash": "1a5c5b11fb72d3f1a229d3502ee42617", "sha1_hash": "55494dbf28e2c893ddbf05315376a48e9042cc8b", "sha256_hash": "e98a3429769c1c5e7c25bdfe73bf05b48de0ded074257393d762a5b6d0555b8a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mj7j-r46l5.pptx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MlDkkPrkrB.mkv", "hashes": [ { "md5_hash": "5d41e1436cb152465ca01f00ef2e86ba", "sha1_hash": "d57943b008b3cdccec058f84199cfd83da2959d5", "sha256_hash": "803550b48b231e0d3a8857c12e93eb9adba2dcdd59dd1388ceaaa52850da90f3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mldkkprkrb.mkv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MMSANU.wav", "hashes": [ { "md5_hash": "2a49933dba48b24d252de021e4413c12", "sha1_hash": "63a856991bfd691bff8ee577668c09504ad4f460", "sha256_hash": "67dd7bf30a073152cd6c49d9576c0e61ad49ee2c6cc73e098f9d45814786a201", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mmsanu.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\addons.json", "hashes": [ { "md5_hash": "63368ee730c3a277e09a80617cbd5e38", "sha1_hash": "f94ad6ebc41a5518eeb48b683896ca132753a07b", "sha256_hash": "9d9b1f87ce8404f1c281d58a3e4f48c97c5f53e197c9dcf91a07095e86bffefd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\addons.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-addons.json", "hashes": [ { "md5_hash": "95e6ddee73cb0be4cacbdf0c5e64c3bf", "sha1_hash": "a610ac512fbd42c8bf0c937353c73126d7cfc86b", "sha256_hash": "0a9c87662454702d945325d4cd48ca883193dc964cbe3774f4e2cb5805d68405", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-addons.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-gfx.json", "hashes": [ { "md5_hash": "18c18310a1a4b578b24ab7ee03225b37", "sha1_hash": "67bc366aef9829e1d1a6874733fce749848d2db2", "sha256_hash": "963b33dbe8ac26086924d94d1d02b72b5e84247b365c152de45855aebab3cf86", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-gfx.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-plugins.json", "hashes": [ { "md5_hash": "3c4ba43c591d9a995a4e14849e15213f", "sha1_hash": "d62a36592e1c94125f35ea92ba1c5a0ba8958e0f", "sha256_hash": "aae79e221d6bc7dd501e061dd79541549be7165c14a27ae96319c9a1f267ef86", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-plugins.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist.xml", "hashes": [ { "md5_hash": "b42b628d5dca2a4c49434b6a03522809", "sha1_hash": "cbd0f640b7f5804c895cf543ed8ffe41f9c0fa0c", "sha256_hash": "e14c1f0a75916f47f02d9f55f8107cb2c831bf6db11efa35bf69d1429744427d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist.xml", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cert8.db", "hashes": [ { "md5_hash": "613a30081b1b9ada852e29802a034ed2", "sha1_hash": "c1558a6fd950db3d38afb6e700a4ab3caa7c1f70", "sha256_hash": "f54950d4b656f6c0b8846bb7047a674992f36cfb74feaffcbd9358861e440642", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cert8.db", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\compatibility.ini", "hashes": [ { "md5_hash": "2a3c3b66601c50e814b219717edf86aa", "sha1_hash": "f8b0868bb023bba1f9abaaa64f7dcbeeff6a7a7b", "sha256_hash": "6272ad9b4882b06d8a5a652ea5abd52fe3fbc4e799a030a262cc65906cf10ba9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\compatibility.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\containers.json", "hashes": [ { "md5_hash": "b47b6db7d02994ee9f6bf90c1d2e3f5a", "sha1_hash": "278c9a3ffda0cde9caa393614b2d4dbf16a789eb", "sha256_hash": "ddc48214681a881253769f711fe50152ac977857e330e209e150e69bc467a4a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\containers.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\content-prefs.sqlite", "hashes": [ { "md5_hash": "f35e400158ea44277e5a8bb7c1a485fd", "sha1_hash": "eb3e164e64150a19f969534a0e2b1bf95ea0b6ea", "sha256_hash": "693709460fbc64459a073c75b7884154e8d8ad3167bc9cb72862a20421a3820e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\content-prefs.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cookies.sqlite", "hashes": [ { "md5_hash": "4864d87fd4fafa8706618691582d50eb", "sha1_hash": "b7fab54eafe8660767e4a2dcc11ad89c10acb231", "sha256_hash": "37aaf1db4f046763e91f881840cdca0454bb317906fa2394a42cdae2d07f233c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cookies.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\session-state.json", "hashes": [ { "md5_hash": "7c081fc791cf3be85b4e2dafe3aab389", "sha1_hash": "383de7459c1c35baf6beb7e7e6e4f165185a4395", "sha256_hash": "dff105a193540e215cdafbc559d7cec184f9f50d942ada29dcf763bb51d00597", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\session-state.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\state.json", "hashes": [ { "md5_hash": "de383ebb4d7ac5e53d6a9e1ef7e7429a", "sha1_hash": "b29ac0b83eb704bba13d503577684c047d506bac", "sha256_hash": "fa423e9f4c4ad6755daad03d9927de43db5f2a62376834db23f4fdef0a26ad4e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\state.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\extensions.ini", "hashes": [ { "md5_hash": "1158e7c90296ec9bf67c228d6f3c82f3", "sha1_hash": "1655556dbcc057caaf173dbdf8b7aa8759b86cad", "sha256_hash": "c676704ab822a77ae4638152c45d22798310b7591864f62771d0a344103fd9c8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\extensions.json", "hashes": [ { "md5_hash": "4a11ded0abd05200164f479de2f050b0", "sha1_hash": "8978fc01f9c0d629b201bca3560ece8546e2a9da", "sha256_hash": "aa8ba1f603ffe755fc757dd6e1b16eb10a1ccfdaffb159dfc3c51ff8f4814315", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\formhistory.sqlite", "hashes": [ { "md5_hash": "0b72679469ad78247f075472f7d44d45", "sha1_hash": "f5fb3a92b9593a2129221d2e869d0b0292de1ddd", "sha256_hash": "ac4a10e90c1be5404f34a37edbdf08924a72967e116c947504a0f0c510034eb5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\formhistory.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info", "hashes": [ { "md5_hash": "fe0449f06ab00664525baf7d99f7098f", "sha1_hash": "e4fce1eb219d8d304812b53bd1427490097907ea", "sha256_hash": "ae444fe438ee798026241438896f04a859b3e3a129842725a03e29675c407108", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\LICENSE.txt", "hashes": [ { "md5_hash": "3348a379c9cc128bf216fa79ff4859f7", "sha1_hash": "69e7fd956893ce2990e1ddea955023280f711a97", "sha256_hash": "deb183b3ea1f5d8c4b6e3eadee0478c70fba58d3c4df8d66d1db25a6e76a1d39", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\license.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json", "hashes": [ { "md5_hash": "ff04887dc37b6731a048ece8ff32fb8f", "sha1_hash": "98d538e377c2f5c20ad739a72bc5f18c7b261d68", "sha256_hash": "6f92acd43145cc497ca677d6cd183e5d99b06abf534dbad3ba12c797c96b4d68", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\key3.db", "hashes": [ { "md5_hash": "19198bf743d858949597941a7667772d", "sha1_hash": "6c753754225579ccf0964dad36af8dd673a729bc", "sha256_hash": "1d72a7021ec432f1fb582d0c23b0a650c95dbc89b37623af7d333a2f39c26e11", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\key3.db", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\kinto.sqlite", "hashes": [ { "md5_hash": "6cef10510eb4d85cc1a32afa2c95b78c", "sha1_hash": "e9a2e3141c16a4e114f078e88add801d9161f76d", "sha256_hash": "6da159242cbbe8e6802e87c144afaee3b935142d8e9d3ad3ec15b16ff8c3a92f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\kinto.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\permissions.sqlite", "hashes": [ { "md5_hash": "5dd5df4019efab4438f5c144f24728b9", "sha1_hash": "61cedf727326bc6baf97f26a7ff7fc0dbd1b5186", "sha256_hash": "4c3b4f13857f461d004c53d1f42019c9571e5321e86954d066885a88f7494cca", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\permissions.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite", "hashes": [ { "md5_hash": "3ab16d235b46fffed29dda7fe31787a0", "sha1_hash": "1ba8034558d85940390c10caa7b2ab09dcada2f5", "sha256_hash": "8b95953b69d7ff6000349477f52fd40a2cb515d08e8620adac189ebc7b58cb3e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\places.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\pluginreg.dat", "hashes": [ { "md5_hash": "162a464f975f993c02ff5de49fe6a2b4", "sha1_hash": "ecae0a478653ef771a197e00452ac03a2c9ebf12", "sha256_hash": "f2881afc2955788c621332c75bb71ad9fc506ef5787b23a15043e1e7842d97e0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\pluginreg.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\prefs.js", "hashes": [ { "md5_hash": "839d9a66603b13b7100d7fd075ecde59", "sha1_hash": "81a0774f64a853bda4f96cb42d9d1d5192faa475", "sha256_hash": "b29027e15fe4483662d5ac2afcfd6dc1d15b16290b74efed77144ef0e7b699b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\prefs.js", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\revocations.txt", "hashes": [ { "md5_hash": "45b97e176b42c7ae086b7b03029accd1", "sha1_hash": "79856813a976809b7a141665745bc723fbf3af07", "sha256_hash": "19167bd47a5e3b0b3e7164a05ff42024a1eedaa6db483303c62b918941a85bf8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\revocations.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\secmod.db", "hashes": [ { "md5_hash": "2001bfd869409aea96b4cf4e1f65ee67", "sha1_hash": "0ef3e6633d416d4d6b2ed46c12c7e59313936fc5", "sha256_hash": "b44ab5c2c2912d3a68c285fb0b4ba224ba2e9ce6d471872d0f6a17c10a584220", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\secmod.db", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionCheckpoints.json", "hashes": [ { "md5_hash": "3c427b245983dca52645773e536fc82b", "sha1_hash": "f1fc2a755f082783eab12953878c7af32bc8bead", "sha256_hash": "78b76d62144692eeba9190289494dbc3f421089d423f36b91cd32dc1caf2ea4d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessioncheckpoints.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore-backups\\previous.js", "hashes": [ { "md5_hash": "a65d3e11898c7c575d3dccdd364a7486", "sha1_hash": "cb31ffbb450e8129fbe6ebda11e5e793a66ed43c", "sha256_hash": "3ded70e20fab2e198fe845d80a133036f3bb13bccc85c8ba555520dcd31cc4f6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore-backups\\previous.js", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore.js", "hashes": [ { "md5_hash": "5e613b2b8b410f7e91a31cde38585305", "sha1_hash": "b880d6ec174e9bc8699aa22cf067311e89a2f0f8", "sha256_hash": "53d04e36c7fc49fe215fe947f98bfaf398b2f101046b53f2fe43575f3ff5a4df", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore.js", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\SiteSecurityServiceState.txt", "hashes": [ { "md5_hash": "041f6ac7e85658c83cb4d1d92a8b22aa", "sha1_hash": "3c120c5f836e81287a81d560e4ccb64e95d6b00b", "sha256_hash": "9fca5af3190c6763539910f1a10020c260a45795c3da6f92225bddf177efaa98", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sitesecurityservicestate.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite", "hashes": [ { "md5_hash": "68f90dc52361ba8b54c5692208616a49", "sha1_hash": "22efbf16fe06abb5007b6b7d9d792af433373336", "sha256_hash": "a2549c70334b67550eea1a49316375293f1d4f536071bd072783c2b24715545a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "hashes": [ { "md5_hash": "9fd26e3c40ca850bf1d4437feeb3bd3d", "sha1_hash": "2a983860a398b83a0bceda217b22d27d4c4fa600", "sha256_hash": "c54caf1b4643adc5658dadcc45d57de9a9c43e05e3ba5843c91142aa541ecf77", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage.sqlite", "hashes": [ { "md5_hash": "6f2a52c09fa7f6d3c69675aac90d37a0", "sha1_hash": "cf6322306317c5a27e5c0f7a0da3f3f9232b34a3", "sha256_hash": "1d510585ce43f029a70421c6bded60edf95f921b514cd618216e76c74a79134a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_INPUT_HANDLE", "hashes": [], "norm_filename": "std_input_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "STD_OUTPUT_HANDLE", "hashes": [], "norm_filename": "std_output_handle", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\tubcvd.exe", "hashes": [ { "md5_hash": "2548e6fc9eb17e55d22dcfb4bf27212d", "sha1_hash": "93dd44a5f16cedd2f4793bd8b9a19523d49fc9e8", "sha256_hash": "5d53050a1509bcc9d97552fa52c1105b51967f4ccf2bde717b502605db1b5011", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\tubcvd.exe", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\$Recycle.Bin\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\$recycle.bin\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\$Recycle.Bin\\S-1-5-18\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\$recycle.bin\\s-1-5-18\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\$Recycle.Bin\\S-1-5-21-1462094071-1423818996-289466292-1000\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\$recycle.bin\\s-1-5-21-1462094071-1423818996-289466292-1000\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\bg-BG\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\bg-bg\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\cs-CZ\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\cs-cz\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\da-DK\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\da-dk\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\de-DE\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\de-de\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\el-GR\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\el-gr\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\en-GB\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\en-gb\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\en-US\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\en-us\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\es-ES\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\es-es\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\es-MX\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\es-mx\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\et-EE\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\et-ee\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\fi-FI\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\fi-fi\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\Fonts\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\fonts\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\fr-CA\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\fr-ca\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\fr-FR\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\fr-fr\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\hr-HR\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\hr-hr\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\hu-HU\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\hu-hu\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\it-IT\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\it-it\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\ja-JP\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\ja-jp\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\ko-KR\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\ko-kr\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\lt-LT\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\lt-lt\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\lv-LV\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\lv-lv\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\nb-NO\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\nb-no\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\nl-NL\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\nl-nl\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\pl-PL\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\pl-pl\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\pt-BR\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\pt-br\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\pt-PT\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\pt-pt\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\qps-ploc\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\qps-ploc\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\Resources\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\resources\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\Resources\\en-US\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\resources\\en-us\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\ro-RO\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\ro-ro\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\ru-RU\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\ru-ru\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\sk-SK\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\sk-sk\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\sl-SI\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\sl-si\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\sr-Latn-CS\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\sr-latn-cs\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\sr-Latn-RS\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\sr-latn-rs\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\sv-SE\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\sv-se\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\tr-TR\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\tr-tr\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\uk-UA\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\uk-ua\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\zh-CN\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\zh-cn\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\zh-HK\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\zh-hk\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Boot\\zh-TW\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\boot\\zh-tw\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\PerfLogs\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\perflogs\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Recovery\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Recovery\\WindowsRE\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\windowsre\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\System Volume Information\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\system volume information\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Acrobat\\DC\\Collab\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\collab\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Acrobat\\DC\\Forms\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\forms\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Acrobat\\DC\\JSCache\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\jscache\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Acrobat\\DC\\Security\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\security\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Acrobat\\DC\\Security\\CRLCache\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\security\\crlcache\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Flash Player\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\flash player\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\flash player\\assetcache\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Flash Player\\AssetCache\\NAHQNPMN\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\flash player\\assetcache\\nahqnpmn\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Flash Player\\NativeCache\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\flash player\\nativecache\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Headlights\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\headlights\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Linguistics\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\linguistics\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\Logs\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Sonar\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\sonar\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Sonar\\Sonar1.0\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\sonar\\sonar1.0\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Identities\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\identities\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Identities\\{CA8CA1BB-F2A6-4E9C-B7CC-FB56671763E8}\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\identities\\{ca8ca1bb-f2a6-4e9c-b7cc-fb56671763e8}\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\#SharedObjects\\DQQHJZ8C\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\dqqhjz8c\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Macromedia\\Flash Player\\macromedia.com\\support\\flashplayer\\sys\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\AddIns\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\addins\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Bibliography\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\bibliography\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Bibliography\\Style\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\bibliography\\style\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Credentials\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\credentials\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Crypto\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\crypto\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\crypto\\rsa\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Crypto\\RSA\\S-1-5-21-1462094071-1423818996-289466292-1000\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-1462094071-1423818996-289466292-1000\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\1033\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Excel\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\excel\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Excel\\XLSTART\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\excel\\xlstart\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Internet Explorer\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\ImplicitAppShortcuts\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned\\TaskBar\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Internet Explorer\\UserData\\Low\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\MMC\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\mmc\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\MS Project\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\ms project\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\MS Project\\16\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\ms project\\16\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\MS Project\\16\\en-US\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\ms project\\16\\en-us\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Network\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\network\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Network\\Connections\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\network\\connections\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Network\\Connections\\Pbk\\_hiddenPbk\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Office\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\office\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Office\\Recent\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\office\\recent\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\OneNote\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\onenote\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\onenote\\16.0\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Outlook\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\PowerPoint\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\powerpoint\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Proof\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\proof\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Protect\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\protect\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Protect\\S-1-5-21-1462094071-1423818996-289466292-1000\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1462094071-1423818996-289466292-1000\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Speech\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\speech\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\Document Themes\\1033\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\Managed\\SmartArt Graphics\\1033\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\User\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\User\\Document Themes\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\document themes\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\User\\Document Themes\\1033\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\document themes\\1033\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\User\\SmartArt Graphics\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\smartart graphics\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\LiveContent\\16\\User\\SmartArt Graphics\\1033\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\smartart graphics\\1033\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\UProof\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\uproof\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Vault\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\vault\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\AccountPictures\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\accountpictures\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Libraries\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\libraries\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Network Shortcuts\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\recent\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\AutomaticDestinations\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Recent\\CustomDestinations\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\SendTo\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\sendto\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessibility\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Administrative Tools\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Maintenance\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Templates\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\templates\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Word\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\word\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Extensions\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\extensions\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\crash reports\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\events\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\crash reports\\events\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\bookmarkbackups\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\bookmarkbackups\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\crashes\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\crashes\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\crashes\\events\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\crashes\\events\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\archived\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp\\WINNT_x86-msvc\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp\\winnt_x86-msvc\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-gmpopenh264\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\minidumps\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\minidumps\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\saved-telemetry-pings\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\saved-telemetry-pings\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore-backups\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore-backups\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.files\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.files\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.files\\journals\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.files\\journals\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Recovery\\WindowsRE\\ReAgent.xml", "hashes": [ { "md5_hash": "b54a23c3a7b39a79fac497dc373bbd78", "sha1_hash": "a436612cd0a6b71203adee2ec4c54e57100198ca", "sha256_hash": "e49227c9eca563bc13f73bbd8c27231be8720a3793531e14547944851886513d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\windowsre\\reagent.xml", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\004-sn-0z5C.wav", "hashes": [ { "md5_hash": "0f1459dde60a316ff823e5d139c35369", "sha1_hash": "771bd564cb340ab471a52d5bdd9cabca2cca3be1", "sha256_hash": "9f8bfa505d1427cf2580717fb15df2e836367faa754bff27b2c967989d6f8985", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\004-sn-0z5c.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\1WmQLmoja01-EP.gif", "hashes": [ { "md5_hash": "c985de94f816b08c703d1e8d93f38deb", "sha1_hash": "0ee384ce272d390e882f951f253fd9d2fe0c810f", "sha256_hash": "0f4865b1175da7e03fdb6f4987e1f68cdcef4b67e8f60fb8e30b3deea9963810", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\1wmqlmoja01-ep.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\4SCtkxF.ots", "hashes": [ { "md5_hash": "abff62fdf29c0c95ac6844262ab0d021", "sha1_hash": "ac7e41be580eab8ddaedc3088ac224da241df886", "sha256_hash": "729c5213b77c8ca608f8029cc8b342ac3c7de3ca614d851e43ed86f987f89545", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\4sctkxf.ots", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\6ttfnwVzD3wR1.wav", "hashes": [ { "md5_hash": "73cf5cc0544c3516cf1336480a2916a5", "sha1_hash": "ac4277e0ac06f1c5bdb8b71ad3d34c3f287dddf5", "sha256_hash": "0c3ba80c00a2f1b7df032bd62d17281a5597a3a5414325feeba810e16618bff6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\6ttfnwvzd3wr1.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\8MU6pxFxklXwXFC.m4a", "hashes": [ { "md5_hash": "ee9242e408267dfad7b630abd510826f", "sha1_hash": "735a08f05a58a7dc91196e380cfa32270ad1384e", "sha256_hash": "3337830f27794128aae98c9549e4423d880f86358ea4684f0fb6f284350871f8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\8mu6pxfxklxwxfc.m4a", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\Logs\\ulog_AcroARM2_Reader_c8be971a-de95-4557-abcb-db98e0788e08_00209595-b6ba-4fa7-88b0-97083d4c2159_0.log", "hashes": [ { "md5_hash": "e9a8880e462c8674dace0cb09394f7c1", "sha1_hash": "0b7883ceaf8b1b241054c889cd4ac4fa6090d54d", "sha256_hash": "bdeb8a73af6dbb1f3916252969669a1a5eb79c1536cd215770d6954ca563ed2e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_00209595-b6ba-4fa7-88b0-97083d4c2159_0.log", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\Logs\\ulog_AcroARM2_Reader_c8be971a-de95-4557-abcb-db98e0788e08_56653bcd-022e-4023-b1f6-9926fada0024_0.log", "hashes": [ { "md5_hash": "49e7890b98e4442c515ccc9b49868c23", "sha1_hash": "7345966c786336a8958b252471e50f15c02deb49", "sha256_hash": "1214c9d673d0ddf85d399eebcfb9e253b3b9cab58d8b4633c19883d36e808a12", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_56653bcd-022e-4023-b1f6-9926fada0024_0.log", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\LogTransport2.cfg", "hashes": [ { "md5_hash": "d8cdf288e13aadb2ce14a68a669f630a", "sha1_hash": "af0df73951537463b1487d42a99e27d7300262cd", "sha256_hash": "31e88e523d65f182fb89bb2a06530a1e5403047db3e4fff4320a3a30832aaf5b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logtransport2.cfg", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Sonar\\Sonar1.0\\sonar_policy.xml", "hashes": [ { "md5_hash": "0c27e5c8b0aa653b07acefc50652d175", "sha1_hash": "d217de833b350ab50ba97c238cbcc18704859f29", "sha256_hash": "e0674cc38b38e8e3d90037c5708061d4af4e9ec1f5a637d1cdaf8d042fe172c6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\sonar\\sonar1.0\\sonar_policy.xml", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\CztjLRmT.bmp", "hashes": [ { "md5_hash": "18e9c822299394be54340564c9495fb9", "sha1_hash": "8bc8db3d2e1665627517a438f14b10d456189d71", "sha256_hash": "89962cf39be2b75f7426d6587173960e24133af7634ee946681f7809d5ce980b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\cztjlrmt.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\ExocxBlrLmuRHv.gif", "hashes": [ { "md5_hash": "4fd8b71eb547e80a511dea90be2d937e", "sha1_hash": "513a365e82651b25951bc673a31a92c69cbb149f", "sha256_hash": "41a0166c378b2e435300c9445ad20385da33592f6aae8b4f083de3118104a9ad", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\exocxblrlmurhv.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\FCmH0Q4.bmp", "hashes": [ { "md5_hash": "33fdf31ed083a84ce2717ffb862ae2e0", "sha1_hash": "8c8812203e8f54e2bcd491ce29ccdfb8ff0efbb7", "sha256_hash": "b43655c0d7d972ee2bf316f757c05f9acd99809c4d730bc6ed99ddb92f77f871", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\fcmh0q4.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\imbMbOER.ppt", "hashes": [ { "md5_hash": "0ddfd813a62431944e9b86bc00b0c1e3", "sha1_hash": "56e9635f12557abb4b74e6765c41a97aee797d94", "sha256_hash": "5e2349f3cfc00d0623f1168d723ea63d9e371b6ae4496bd2c88f930b19526e08", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\imbmboer.ppt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\ixwxy.png", "hashes": [ { "md5_hash": "f84242aad257414c6299394eaef94f9c", "sha1_hash": "87b0ce6ba99aab6f95d4e42a442ec6091a1f3287", "sha256_hash": "848fb7439563b074c3cafd736a079171778af3d77dc4ec1dd37c2e308ad62da8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ixwxy.png", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\jxoh-EFt2nW-t9X.wav", "hashes": [ { "md5_hash": "b5415449808e3c6932f4f94d1761bb37", "sha1_hash": "a0158afe4f3177fb8c838b46da76c89a637f17b6", "sha256_hash": "2a12c5c57bddc771133012588410bd27b00e5c5aa4f38e08d77805b17b9be816", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\jxoh-eft2nw-t9x.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\ldeazaydq H9.jpg", "hashes": [ { "md5_hash": "1a47edbd8f8d1889567df663c75e238f", "sha1_hash": "80a1751c44bf254cdc45a879f337048120065548", "sha256_hash": "db8c32bdd3d523dd3327bc56d93e63a74f7be65c3f926cc96b9d18e33832e6ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ldeazaydq h9.jpg", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\LSI0fbp1d3.flv", "hashes": [ { "md5_hash": "939b6ecc6f0aa446c5299714281818cf", "sha1_hash": "40b02c8e732ea82fd2055347bb2510eb73049ebe", "sha256_hash": "32791fd4f7b088308114afd699eb68b8a2adbbae87390a71d3729fa503202ebb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lsi0fbp1d3.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\lxRXkBM2nNswBBWWBk42.mp4", "hashes": [ { "md5_hash": "332b91fdf7f7aeba767b44d868a765b9", "sha1_hash": "1e186a019d9f1206dcc31664ccf280f05673e55c", "sha256_hash": "0b92c0b6c77f30eab7f9ad126587ad43ae31dcd64cf5de5792cdf783991bfa62", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lxrxkbm2nnswbbwwbk42.mp4", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx", "hashes": [ { "md5_hash": "8e8c7452e491075de50f5e9a84a2905f", "sha1_hash": "6a56eafd259c03d9038640e65c04e06c777a6918", "sha256_hash": "98f04c9c24889b943e54bed16be1c26ac46df40e5618e9b8fe57af8b441dd8ab", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat", "hashes": [ { "md5_hash": "17dad9f4045de6bceb1598659d4c8c5a", "sha1_hash": "f1116dc673d7f32d1d5e727f08c18e3be3a9e6be", "sha256_hash": "5e325548acad4849cc825bb073774b29004488bce2942e5f47d36b0d071d9bb2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\office\\recent\\index.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\Preferences.dat", "hashes": [ { "md5_hash": "60933f9f1dd6608884f46526bfcc62f2", "sha1_hash": "d60250ead57dd4dd0d711191546713fe55a6e40d", "sha256_hash": "9ecc1aa70a74f8f3fb3a94b4e4529d55b4d9bb5701058c2dbf9e6f9f373afa7e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\onenote\\16.0\\preferences.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs", "hashes": [ { "md5_hash": "4f1121df7817b939d28f8853a82910b9", "sha1_hash": "9c7c9b74a28b541ab43a08797d5a7ce1b19238a5", "sha256_hash": "380a1f0a103ed3ded033a0759cd64e3007792e094f58ee01e6f46cfcf1d16624", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.srs", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml", "hashes": [ { "md5_hash": "96d99e275adaad30e6e1d1c79a424e8d", "sha1_hash": "223ff832d6bd7ef200da2fc1669a2e2770355f63", "sha256_hash": "b08df0b6489862834b419808312bb6b5b06bdca4604344a9a201a629d882550c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.xml", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Calendar insights.xltm", "hashes": [ { "md5_hash": "9ace8d3f5804bec2bf33322bbd7634f2", "sha1_hash": "a5f7bdbae0f3bbfc5f8005b13c6bd38fb22bc3c8", "sha256_hash": "9a745102c9d7ffa9789062f6a95a6c62ac685971c15c072a0afce0c355cb6cca", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\calendar insights.xltm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Cashflow analysis.xltm", "hashes": [ { "md5_hash": "f4f0fae8060d4b08ae97df8fbcbc778a", "sha1_hash": "4bbbf4874ac53fd766f33e21a89112c9a312d646", "sha256_hash": "fce588c4aa8dad0103095bec57de759262ad9375eec73cdb1d4f59fcc392663c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\cashflow analysis.xltm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Email Insights.xltm", "hashes": [ { "md5_hash": "8d95a48beceba8f02826bc19d41d757b", "sha1_hash": "25ed003799a398df182d45e21bbce9581e5ffbd1", "sha256_hash": "dbe9e6b516890cc3fff90caabf3406974ba8ca0bdef492a7138b354860e4fae7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\email insights.xltm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm", "hashes": [ { "md5_hash": "a1f1d47ce549e3030af0fc7ebbf1ddf4", "sha1_hash": "d2eef073cfe342424dc5037aaf80a9053d856c48", "sha256_hash": "69560b53a62f017be4dadda81b79f7dba384f6490bb5d89ac254025c73babf0e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\normal.dotm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Process Map for Basic Flowchart.xltx", "hashes": [ { "md5_hash": "4125923df0d5c4f8c5f8fbe6d953f890", "sha1_hash": "9b1d3550bf89fc2d0a150f65b08e60d23bf7d68f", "sha256_hash": "845e7fae5297ef9160843a26088ade29b34791d1519c009e5c138b9d09550015", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for basic flowchart.xltx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Process Map for Cross-Functional Flowchart.xltx", "hashes": [ { "md5_hash": "06be6a0f948f33e4925148ac17e57a7a", "sha1_hash": "401063e54ac2fca064d0d62d5508936da4353ce6", "sha256_hash": "467b8d5fb7efee0fee5eb90b0b376d01b47ce3449f0806bd23258b9d4b4040a7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for cross-functional flowchart.xltx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Stock symbols comparison.xltm", "hashes": [ { "md5_hash": "47157eb06e51d5598d4e50d3ffdce68c", "sha1_hash": "754bae77c4fbde31bbf4f9cd7f01522a923a1b10", "sha256_hash": "000bf1b2ffae653fc0165337f881adb2bf84dce78848b89740d892e5c62e5075", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\stock symbols comparison.xltm", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Welcome to Excel.xltx", "hashes": [ { "md5_hash": "e855d4238bfb403c0e8a9a8ce692374d", "sha1_hash": "6ec7ee5763c5da5388cc640811d7719cb3d74c66", "sha256_hash": "7bb0213fbe8377d4a2ad86fb472f7348c3327bead9afd7b7c7a103d2317f2709", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\welcome to excel.xltx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg", "hashes": [ { "md5_hash": "928f5eddd1ad2f0d337d43e0255ac530", "sha1_hash": "34f5af6657e94adf4abb54bdc7033d7498ba1020", "sha256_hash": "c7e3a962018b3fe78fd6992cba2e16db651ffad02d178b1aa453cda36c94100f", "type": "file_hash", "version": 1 }, { "md5_hash": "340d913d43779ca4eca5063e73d6385e", "sha1_hash": "bf9eb984a0f2e916aa8a30e0489deab28c5209d8", "sha256_hash": "0563766b6648a1bf9149b1144b2f65408dfdea38926379fdd4dd33d853ca3162", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\mj7J-R46l5.pptx", "hashes": [ { "md5_hash": "1a5c5b11fb72d3f1a229d3502ee42617", "sha1_hash": "55494dbf28e2c893ddbf05315376a48e9042cc8b", "sha256_hash": "e98a3429769c1c5e7c25bdfe73bf05b48de0ded074257393d762a5b6d0555b8a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mj7j-r46l5.pptx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MlDkkPrkrB.mkv", "hashes": [ { "md5_hash": "5d41e1436cb152465ca01f00ef2e86ba", "sha1_hash": "d57943b008b3cdccec058f84199cfd83da2959d5", "sha256_hash": "803550b48b231e0d3a8857c12e93eb9adba2dcdd59dd1388ceaaa52850da90f3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mldkkprkrb.mkv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MMSANU.wav", "hashes": [ { "md5_hash": "2a49933dba48b24d252de021e4413c12", "sha1_hash": "63a856991bfd691bff8ee577668c09504ad4f460", "sha256_hash": "67dd7bf30a073152cd6c49d9576c0e61ad49ee2c6cc73e098f9d45814786a201", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mmsanu.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\addons.json", "hashes": [ { "md5_hash": "63368ee730c3a277e09a80617cbd5e38", "sha1_hash": "f94ad6ebc41a5518eeb48b683896ca132753a07b", "sha256_hash": "9d9b1f87ce8404f1c281d58a3e4f48c97c5f53e197c9dcf91a07095e86bffefd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\addons.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-addons.json", "hashes": [ { "md5_hash": "95e6ddee73cb0be4cacbdf0c5e64c3bf", "sha1_hash": "a610ac512fbd42c8bf0c937353c73126d7cfc86b", "sha256_hash": "0a9c87662454702d945325d4cd48ca883193dc964cbe3774f4e2cb5805d68405", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-addons.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-gfx.json", "hashes": [ { "md5_hash": "18c18310a1a4b578b24ab7ee03225b37", "sha1_hash": "67bc366aef9829e1d1a6874733fce749848d2db2", "sha256_hash": "963b33dbe8ac26086924d94d1d02b72b5e84247b365c152de45855aebab3cf86", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-gfx.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-plugins.json", "hashes": [ { "md5_hash": "3c4ba43c591d9a995a4e14849e15213f", "sha1_hash": "d62a36592e1c94125f35ea92ba1c5a0ba8958e0f", "sha256_hash": "aae79e221d6bc7dd501e061dd79541549be7165c14a27ae96319c9a1f267ef86", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-plugins.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist.xml", "hashes": [ { "md5_hash": "b42b628d5dca2a4c49434b6a03522809", "sha1_hash": "cbd0f640b7f5804c895cf543ed8ffe41f9c0fa0c", "sha256_hash": "e14c1f0a75916f47f02d9f55f8107cb2c831bf6db11efa35bf69d1429744427d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist.xml", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cert8.db", "hashes": [ { "md5_hash": "613a30081b1b9ada852e29802a034ed2", "sha1_hash": "c1558a6fd950db3d38afb6e700a4ab3caa7c1f70", "sha256_hash": "f54950d4b656f6c0b8846bb7047a674992f36cfb74feaffcbd9358861e440642", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cert8.db", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\compatibility.ini", "hashes": [ { "md5_hash": "2a3c3b66601c50e814b219717edf86aa", "sha1_hash": "f8b0868bb023bba1f9abaaa64f7dcbeeff6a7a7b", "sha256_hash": "6272ad9b4882b06d8a5a652ea5abd52fe3fbc4e799a030a262cc65906cf10ba9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\compatibility.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\containers.json", "hashes": [ { "md5_hash": "b47b6db7d02994ee9f6bf90c1d2e3f5a", "sha1_hash": "278c9a3ffda0cde9caa393614b2d4dbf16a789eb", "sha256_hash": "ddc48214681a881253769f711fe50152ac977857e330e209e150e69bc467a4a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\containers.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\content-prefs.sqlite", "hashes": [ { "md5_hash": "f35e400158ea44277e5a8bb7c1a485fd", "sha1_hash": "eb3e164e64150a19f969534a0e2b1bf95ea0b6ea", "sha256_hash": "693709460fbc64459a073c75b7884154e8d8ad3167bc9cb72862a20421a3820e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\content-prefs.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cookies.sqlite", "hashes": [ { "md5_hash": "4864d87fd4fafa8706618691582d50eb", "sha1_hash": "b7fab54eafe8660767e4a2dcc11ad89c10acb231", "sha256_hash": "37aaf1db4f046763e91f881840cdca0454bb317906fa2394a42cdae2d07f233c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cookies.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\session-state.json", "hashes": [ { "md5_hash": "7c081fc791cf3be85b4e2dafe3aab389", "sha1_hash": "383de7459c1c35baf6beb7e7e6e4f165185a4395", "sha256_hash": "dff105a193540e215cdafbc559d7cec184f9f50d942ada29dcf763bb51d00597", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\session-state.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\state.json", "hashes": [ { "md5_hash": "de383ebb4d7ac5e53d6a9e1ef7e7429a", "sha1_hash": "b29ac0b83eb704bba13d503577684c047d506bac", "sha256_hash": "fa423e9f4c4ad6755daad03d9927de43db5f2a62376834db23f4fdef0a26ad4e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\state.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\extensions.ini", "hashes": [ { "md5_hash": "1158e7c90296ec9bf67c228d6f3c82f3", "sha1_hash": "1655556dbcc057caaf173dbdf8b7aa8759b86cad", "sha256_hash": "c676704ab822a77ae4638152c45d22798310b7591864f62771d0a344103fd9c8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\extensions.json", "hashes": [ { "md5_hash": "4a11ded0abd05200164f479de2f050b0", "sha1_hash": "8978fc01f9c0d629b201bca3560ece8546e2a9da", "sha256_hash": "aa8ba1f603ffe755fc757dd6e1b16eb10a1ccfdaffb159dfc3c51ff8f4814315", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\formhistory.sqlite", "hashes": [ { "md5_hash": "0b72679469ad78247f075472f7d44d45", "sha1_hash": "f5fb3a92b9593a2129221d2e869d0b0292de1ddd", "sha256_hash": "ac4a10e90c1be5404f34a37edbdf08924a72967e116c947504a0f0c510034eb5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\formhistory.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info", "hashes": [ { "md5_hash": "fe0449f06ab00664525baf7d99f7098f", "sha1_hash": "e4fce1eb219d8d304812b53bd1427490097907ea", "sha256_hash": "ae444fe438ee798026241438896f04a859b3e3a129842725a03e29675c407108", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\LICENSE.txt", "hashes": [ { "md5_hash": "3348a379c9cc128bf216fa79ff4859f7", "sha1_hash": "69e7fd956893ce2990e1ddea955023280f711a97", "sha256_hash": "deb183b3ea1f5d8c4b6e3eadee0478c70fba58d3c4df8d66d1db25a6e76a1d39", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\license.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json", "hashes": [ { "md5_hash": "ff04887dc37b6731a048ece8ff32fb8f", "sha1_hash": "98d538e377c2f5c20ad739a72bc5f18c7b261d68", "sha256_hash": "6f92acd43145cc497ca677d6cd183e5d99b06abf534dbad3ba12c797c96b4d68", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\key3.db", "hashes": [ { "md5_hash": "19198bf743d858949597941a7667772d", "sha1_hash": "6c753754225579ccf0964dad36af8dd673a729bc", "sha256_hash": "1d72a7021ec432f1fb582d0c23b0a650c95dbc89b37623af7d333a2f39c26e11", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\key3.db", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\kinto.sqlite", "hashes": [ { "md5_hash": "6cef10510eb4d85cc1a32afa2c95b78c", "sha1_hash": "e9a2e3141c16a4e114f078e88add801d9161f76d", "sha256_hash": "6da159242cbbe8e6802e87c144afaee3b935142d8e9d3ad3ec15b16ff8c3a92f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\kinto.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\permissions.sqlite", "hashes": [ { "md5_hash": "5dd5df4019efab4438f5c144f24728b9", "sha1_hash": "61cedf727326bc6baf97f26a7ff7fc0dbd1b5186", "sha256_hash": "4c3b4f13857f461d004c53d1f42019c9571e5321e86954d066885a88f7494cca", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\permissions.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite", "hashes": [ { "md5_hash": "3ab16d235b46fffed29dda7fe31787a0", "sha1_hash": "1ba8034558d85940390c10caa7b2ab09dcada2f5", "sha256_hash": "8b95953b69d7ff6000349477f52fd40a2cb515d08e8620adac189ebc7b58cb3e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\places.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\pluginreg.dat", "hashes": [ { "md5_hash": "162a464f975f993c02ff5de49fe6a2b4", "sha1_hash": "ecae0a478653ef771a197e00452ac03a2c9ebf12", "sha256_hash": "f2881afc2955788c621332c75bb71ad9fc506ef5787b23a15043e1e7842d97e0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\pluginreg.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\prefs.js", "hashes": [ { "md5_hash": "839d9a66603b13b7100d7fd075ecde59", "sha1_hash": "81a0774f64a853bda4f96cb42d9d1d5192faa475", "sha256_hash": "b29027e15fe4483662d5ac2afcfd6dc1d15b16290b74efed77144ef0e7b699b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\prefs.js", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\revocations.txt", "hashes": [ { "md5_hash": "45b97e176b42c7ae086b7b03029accd1", "sha1_hash": "79856813a976809b7a141665745bc723fbf3af07", "sha256_hash": "19167bd47a5e3b0b3e7164a05ff42024a1eedaa6db483303c62b918941a85bf8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\revocations.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\secmod.db", "hashes": [ { "md5_hash": "2001bfd869409aea96b4cf4e1f65ee67", "sha1_hash": "0ef3e6633d416d4d6b2ed46c12c7e59313936fc5", "sha256_hash": "b44ab5c2c2912d3a68c285fb0b4ba224ba2e9ce6d471872d0f6a17c10a584220", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\secmod.db", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionCheckpoints.json", "hashes": [ { "md5_hash": "3c427b245983dca52645773e536fc82b", "sha1_hash": "f1fc2a755f082783eab12953878c7af32bc8bead", "sha256_hash": "78b76d62144692eeba9190289494dbc3f421089d423f36b91cd32dc1caf2ea4d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessioncheckpoints.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore-backups\\previous.js", "hashes": [ { "md5_hash": "a65d3e11898c7c575d3dccdd364a7486", "sha1_hash": "cb31ffbb450e8129fbe6ebda11e5e793a66ed43c", "sha256_hash": "3ded70e20fab2e198fe845d80a133036f3bb13bccc85c8ba555520dcd31cc4f6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore-backups\\previous.js", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore.js", "hashes": [ { "md5_hash": "5e613b2b8b410f7e91a31cde38585305", "sha1_hash": "b880d6ec174e9bc8699aa22cf067311e89a2f0f8", "sha256_hash": "53d04e36c7fc49fe215fe947f98bfaf398b2f101046b53f2fe43575f3ff5a4df", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore.js", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\SiteSecurityServiceState.txt", "hashes": [ { "md5_hash": "041f6ac7e85658c83cb4d1d92a8b22aa", "sha1_hash": "3c120c5f836e81287a81d560e4ccb64e95d6b00b", "sha256_hash": "9fca5af3190c6763539910f1a10020c260a45795c3da6f92225bddf177efaa98", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sitesecurityservicestate.txt", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite", "hashes": [ { "md5_hash": "68f90dc52361ba8b54c5692208616a49", "sha1_hash": "22efbf16fe06abb5007b6b7d9d792af433373336", "sha256_hash": "a2549c70334b67550eea1a49316375293f1d4f536071bd072783c2b24715545a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "hashes": [ { "md5_hash": "9fd26e3c40ca850bf1d4437feeb3bd3d", "sha1_hash": "2a983860a398b83a0bceda217b22d27d4c4fa600", "sha256_hash": "c54caf1b4643adc5658dadcc45d57de9a9c43e05e3ba5843c91142aa541ecf77", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage.sqlite", "hashes": [ { "md5_hash": "6f2a52c09fa7f6d3c69675aac90d37a0", "sha1_hash": "cf6322306317c5a27e5c0f7a0da3f3f9232b34a3", "sha256_hash": "1d510585ce43f029a70421c6bded60edf95f921b514cd618216e76c74a79134a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Recovery\\WindowsRE\\ReAgent.xml.GDCB", "hashes": [ { "md5_hash": "b54a23c3a7b39a79fac497dc373bbd78", "sha1_hash": "a436612cd0a6b71203adee2ec4c54e57100198ca", "sha256_hash": "e49227c9eca563bc13f73bbd8c27231be8720a3793531e14547944851886513d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\recovery\\windowsre\\reagent.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\004-sn-0z5C.wav.GDCB", "hashes": [ { "md5_hash": "0f1459dde60a316ff823e5d139c35369", "sha1_hash": "771bd564cb340ab471a52d5bdd9cabca2cca3be1", "sha256_hash": "9f8bfa505d1427cf2580717fb15df2e836367faa754bff27b2c967989d6f8985", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\004-sn-0z5c.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\1WmQLmoja01-EP.gif.GDCB", "hashes": [ { "md5_hash": "c985de94f816b08c703d1e8d93f38deb", "sha1_hash": "0ee384ce272d390e882f951f253fd9d2fe0c810f", "sha256_hash": "0f4865b1175da7e03fdb6f4987e1f68cdcef4b67e8f60fb8e30b3deea9963810", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\1wmqlmoja01-ep.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\4SCtkxF.ots.GDCB", "hashes": [ { "md5_hash": "abff62fdf29c0c95ac6844262ab0d021", "sha1_hash": "ac7e41be580eab8ddaedc3088ac224da241df886", "sha256_hash": "729c5213b77c8ca608f8029cc8b342ac3c7de3ca614d851e43ed86f987f89545", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\4sctkxf.ots.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\6ttfnwVzD3wR1.wav.GDCB", "hashes": [ { "md5_hash": "73cf5cc0544c3516cf1336480a2916a5", "sha1_hash": "ac4277e0ac06f1c5bdb8b71ad3d34c3f287dddf5", "sha256_hash": "0c3ba80c00a2f1b7df032bd62d17281a5597a3a5414325feeba810e16618bff6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\6ttfnwvzd3wr1.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\8MU6pxFxklXwXFC.m4a.GDCB", "hashes": [ { "md5_hash": "ee9242e408267dfad7b630abd510826f", "sha1_hash": "735a08f05a58a7dc91196e380cfa32270ad1384e", "sha256_hash": "3337830f27794128aae98c9549e4423d880f86358ea4684f0fb6f284350871f8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\8mu6pxfxklxwxfc.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\Logs\\ulog_AcroARM2_Reader_c8be971a-de95-4557-abcb-db98e0788e08_00209595-b6ba-4fa7-88b0-97083d4c2159_0.log.GDCB", "hashes": [ { "md5_hash": "e9a8880e462c8674dace0cb09394f7c1", "sha1_hash": "0b7883ceaf8b1b241054c889cd4ac4fa6090d54d", "sha256_hash": "bdeb8a73af6dbb1f3916252969669a1a5eb79c1536cd215770d6954ca563ed2e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_00209595-b6ba-4fa7-88b0-97083d4c2159_0.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\Logs\\ulog_AcroARM2_Reader_c8be971a-de95-4557-abcb-db98e0788e08_56653bcd-022e-4023-b1f6-9926fada0024_0.log.GDCB", "hashes": [ { "md5_hash": "49e7890b98e4442c515ccc9b49868c23", "sha1_hash": "7345966c786336a8958b252471e50f15c02deb49", "sha256_hash": "1214c9d673d0ddf85d399eebcfb9e253b3b9cab58d8b4633c19883d36e808a12", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_56653bcd-022e-4023-b1f6-9926fada0024_0.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\LogTransport2\\LogTransport2.cfg.GDCB", "hashes": [ { "md5_hash": "d8cdf288e13aadb2ce14a68a669f630a", "sha1_hash": "af0df73951537463b1487d42a99e27d7300262cd", "sha256_hash": "31e88e523d65f182fb89bb2a06530a1e5403047db3e4fff4320a3a30832aaf5b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logtransport2.cfg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Adobe\\Sonar\\Sonar1.0\\sonar_policy.xml.GDCB", "hashes": [ { "md5_hash": "0c27e5c8b0aa653b07acefc50652d175", "sha1_hash": "d217de833b350ab50ba97c238cbcc18704859f29", "sha256_hash": "e0674cc38b38e8e3d90037c5708061d4af4e9ec1f5a637d1cdaf8d042fe172c6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\sonar\\sonar1.0\\sonar_policy.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\CztjLRmT.bmp.GDCB", "hashes": [ { "md5_hash": "18e9c822299394be54340564c9495fb9", "sha1_hash": "8bc8db3d2e1665627517a438f14b10d456189d71", "sha256_hash": "89962cf39be2b75f7426d6587173960e24133af7634ee946681f7809d5ce980b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\cztjlrmt.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\ExocxBlrLmuRHv.gif.GDCB", "hashes": [ { "md5_hash": "4fd8b71eb547e80a511dea90be2d937e", "sha1_hash": "513a365e82651b25951bc673a31a92c69cbb149f", "sha256_hash": "41a0166c378b2e435300c9445ad20385da33592f6aae8b4f083de3118104a9ad", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\exocxblrlmurhv.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\FCmH0Q4.bmp.GDCB", "hashes": [ { "md5_hash": "33fdf31ed083a84ce2717ffb862ae2e0", "sha1_hash": "8c8812203e8f54e2bcd491ce29ccdfb8ff0efbb7", "sha256_hash": "b43655c0d7d972ee2bf316f757c05f9acd99809c4d730bc6ed99ddb92f77f871", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\fcmh0q4.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\imbMbOER.ppt.GDCB", "hashes": [ { "md5_hash": "0ddfd813a62431944e9b86bc00b0c1e3", "sha1_hash": "56e9635f12557abb4b74e6765c41a97aee797d94", "sha256_hash": "5e2349f3cfc00d0623f1168d723ea63d9e371b6ae4496bd2c88f930b19526e08", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\imbmboer.ppt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\ixwxy.png.GDCB", "hashes": [ { "md5_hash": "f84242aad257414c6299394eaef94f9c", "sha1_hash": "87b0ce6ba99aab6f95d4e42a442ec6091a1f3287", "sha256_hash": "848fb7439563b074c3cafd736a079171778af3d77dc4ec1dd37c2e308ad62da8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ixwxy.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\jxoh-EFt2nW-t9X.wav.GDCB", "hashes": [ { "md5_hash": "b5415449808e3c6932f4f94d1761bb37", "sha1_hash": "a0158afe4f3177fb8c838b46da76c89a637f17b6", "sha256_hash": "2a12c5c57bddc771133012588410bd27b00e5c5aa4f38e08d77805b17b9be816", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\jxoh-eft2nw-t9x.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\ldeazaydq H9.jpg.GDCB", "hashes": [ { "md5_hash": "1a47edbd8f8d1889567df663c75e238f", "sha1_hash": "80a1751c44bf254cdc45a879f337048120065548", "sha256_hash": "db8c32bdd3d523dd3327bc56d93e63a74f7be65c3f926cc96b9d18e33832e6ff", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ldeazaydq h9.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\LSI0fbp1d3.flv.GDCB", "hashes": [ { "md5_hash": "939b6ecc6f0aa446c5299714281818cf", "sha1_hash": "40b02c8e732ea82fd2055347bb2510eb73049ebe", "sha256_hash": "32791fd4f7b088308114afd699eb68b8a2adbbae87390a71d3729fa503202ebb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lsi0fbp1d3.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\lxRXkBM2nNswBBWWBk42.mp4.GDCB", "hashes": [ { "md5_hash": "332b91fdf7f7aeba767b44d868a765b9", "sha1_hash": "1e186a019d9f1206dcc31664ccf280f05673e55c", "sha256_hash": "0b92c0b6c77f30eab7f9ad126587ad43ae31dcd64cf5de5792cdf783991bfa62", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lxrxkbm2nnswbbwwbk42.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Document Building Blocks\\1033\\16\\Built-In Building Blocks.dotx.GDCB", "hashes": [ { "md5_hash": "8e8c7452e491075de50f5e9a84a2905f", "sha1_hash": "6a56eafd259c03d9038640e65c04e06c777a6918", "sha256_hash": "98f04c9c24889b943e54bed16be1c26ac46df40e5618e9b8fe57af8b441dd8ab", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Office\\Recent\\index.dat.GDCB", "hashes": [ { "md5_hash": "17dad9f4045de6bceb1598659d4c8c5a", "sha1_hash": "f1116dc673d7f32d1d5e727f08c18e3be3a9e6be", "sha256_hash": "5e325548acad4849cc825bb073774b29004488bce2942e5f47d36b0d071d9bb2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\OneNote\\16.0\\Preferences.dat.GDCB", "hashes": [ { "md5_hash": "60933f9f1dd6608884f46526bfcc62f2", "sha1_hash": "d60250ead57dd4dd0d711191546713fe55a6e40d", "sha256_hash": "9ecc1aa70a74f8f3fb3a94b4e4529d55b4d9bb5701058c2dbf9e6f9f373afa7e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\onenote\\16.0\\preferences.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.srs.GDCB", "hashes": [ { "md5_hash": "4f1121df7817b939d28f8853a82910b9", "sha1_hash": "9c7c9b74a28b541ab43a08797d5a7ce1b19238a5", "sha256_hash": "380a1f0a103ed3ded033a0759cd64e3007792e094f58ee01e6f46cfcf1d16624", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.srs.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Outlook\\Outlook.xml.GDCB", "hashes": [ { "md5_hash": "96d99e275adaad30e6e1d1c79a424e8d", "sha1_hash": "223ff832d6bd7ef200da2fc1669a2e2770355f63", "sha256_hash": "b08df0b6489862834b419808312bb6b5b06bdca4604344a9a201a629d882550c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Calendar insights.xltm.GDCB", "hashes": [ { "md5_hash": "9ace8d3f5804bec2bf33322bbd7634f2", "sha1_hash": "a5f7bdbae0f3bbfc5f8005b13c6bd38fb22bc3c8", "sha256_hash": "9a745102c9d7ffa9789062f6a95a6c62ac685971c15c072a0afce0c355cb6cca", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\calendar insights.xltm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Cashflow analysis.xltm.GDCB", "hashes": [ { "md5_hash": "f4f0fae8060d4b08ae97df8fbcbc778a", "sha1_hash": "4bbbf4874ac53fd766f33e21a89112c9a312d646", "sha256_hash": "fce588c4aa8dad0103095bec57de759262ad9375eec73cdb1d4f59fcc392663c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\cashflow analysis.xltm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Email Insights.xltm.GDCB", "hashes": [ { "md5_hash": "8d95a48beceba8f02826bc19d41d757b", "sha1_hash": "25ed003799a398df182d45e21bbce9581e5ffbd1", "sha256_hash": "dbe9e6b516890cc3fff90caabf3406974ba8ca0bdef492a7138b354860e4fae7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\email insights.xltm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Normal.dotm.GDCB", "hashes": [ { "md5_hash": "a1f1d47ce549e3030af0fc7ebbf1ddf4", "sha1_hash": "d2eef073cfe342424dc5037aaf80a9053d856c48", "sha256_hash": "69560b53a62f017be4dadda81b79f7dba384f6490bb5d89ac254025c73babf0e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\normal.dotm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Process Map for Basic Flowchart.xltx.GDCB", "hashes": [ { "md5_hash": "4125923df0d5c4f8c5f8fbe6d953f890", "sha1_hash": "9b1d3550bf89fc2d0a150f65b08e60d23bf7d68f", "sha256_hash": "845e7fae5297ef9160843a26088ade29b34791d1519c009e5c138b9d09550015", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for basic flowchart.xltx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Process Map for Cross-Functional Flowchart.xltx.GDCB", "hashes": [ { "md5_hash": "06be6a0f948f33e4925148ac17e57a7a", "sha1_hash": "401063e54ac2fca064d0d62d5508936da4353ce6", "sha256_hash": "467b8d5fb7efee0fee5eb90b0b376d01b47ce3449f0806bd23258b9d4b4040a7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for cross-functional flowchart.xltx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Stock symbols comparison.xltm.GDCB", "hashes": [ { "md5_hash": "47157eb06e51d5598d4e50d3ffdce68c", "sha1_hash": "754bae77c4fbde31bbf4f9cd7f01522a923a1b10", "sha256_hash": "000bf1b2ffae653fc0165337f881adb2bf84dce78848b89740d892e5c62e5075", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\stock symbols comparison.xltm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Templates\\Welcome to Excel.xltx.GDCB", "hashes": [ { "md5_hash": "e855d4238bfb403c0e8a9a8ce692374d", "sha1_hash": "6ec7ee5763c5da5388cc640811d7719cb3d74c66", "sha256_hash": "7bb0213fbe8377d4a2ad86fb472f7348c3327bead9afd7b7c7a103d2317f2709", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\welcome to excel.xltx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Themes\\CachedFiles\\CachedImage_1440_900_POS4.jpg.GDCB", "hashes": [ { "md5_hash": "928f5eddd1ad2f0d337d43e0255ac530", "sha1_hash": "34f5af6657e94adf4abb54bdc7033d7498ba1020", "sha256_hash": "c7e3a962018b3fe78fd6992cba2e16db651ffad02d178b1aa453cda36c94100f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\mj7J-R46l5.pptx.GDCB", "hashes": [ { "md5_hash": "1a5c5b11fb72d3f1a229d3502ee42617", "sha1_hash": "55494dbf28e2c893ddbf05315376a48e9042cc8b", "sha256_hash": "e98a3429769c1c5e7c25bdfe73bf05b48de0ded074257393d762a5b6d0555b8a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mj7j-r46l5.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MlDkkPrkrB.mkv.GDCB", "hashes": [ { "md5_hash": "5d41e1436cb152465ca01f00ef2e86ba", "sha1_hash": "d57943b008b3cdccec058f84199cfd83da2959d5", "sha256_hash": "803550b48b231e0d3a8857c12e93eb9adba2dcdd59dd1388ceaaa52850da90f3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mldkkprkrb.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\MMSANU.wav.GDCB", "hashes": [ { "md5_hash": "2a49933dba48b24d252de021e4413c12", "sha1_hash": "63a856991bfd691bff8ee577668c09504ad4f460", "sha256_hash": "67dd7bf30a073152cd6c49d9576c0e61ad49ee2c6cc73e098f9d45814786a201", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mmsanu.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\addons.json.GDCB", "hashes": [ { "md5_hash": "63368ee730c3a277e09a80617cbd5e38", "sha1_hash": "f94ad6ebc41a5518eeb48b683896ca132753a07b", "sha256_hash": "9d9b1f87ce8404f1c281d58a3e4f48c97c5f53e197c9dcf91a07095e86bffefd", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\addons.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-addons.json.GDCB", "hashes": [ { "md5_hash": "95e6ddee73cb0be4cacbdf0c5e64c3bf", "sha1_hash": "a610ac512fbd42c8bf0c937353c73126d7cfc86b", "sha256_hash": "0a9c87662454702d945325d4cd48ca883193dc964cbe3774f4e2cb5805d68405", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-addons.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-gfx.json.GDCB", "hashes": [ { "md5_hash": "18c18310a1a4b578b24ab7ee03225b37", "sha1_hash": "67bc366aef9829e1d1a6874733fce749848d2db2", "sha256_hash": "963b33dbe8ac26086924d94d1d02b72b5e84247b365c152de45855aebab3cf86", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-gfx.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist-plugins.json.GDCB", "hashes": [ { "md5_hash": "3c4ba43c591d9a995a4e14849e15213f", "sha1_hash": "d62a36592e1c94125f35ea92ba1c5a0ba8958e0f", "sha256_hash": "aae79e221d6bc7dd501e061dd79541549be7165c14a27ae96319c9a1f267ef86", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-plugins.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\blocklist.xml.GDCB", "hashes": [ { "md5_hash": "b42b628d5dca2a4c49434b6a03522809", "sha1_hash": "cbd0f640b7f5804c895cf543ed8ffe41f9c0fa0c", "sha256_hash": "e14c1f0a75916f47f02d9f55f8107cb2c831bf6db11efa35bf69d1429744427d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cert8.db.GDCB", "hashes": [ { "md5_hash": "613a30081b1b9ada852e29802a034ed2", "sha1_hash": "c1558a6fd950db3d38afb6e700a4ab3caa7c1f70", "sha256_hash": "f54950d4b656f6c0b8846bb7047a674992f36cfb74feaffcbd9358861e440642", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cert8.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\compatibility.ini.GDCB", "hashes": [ { "md5_hash": "2a3c3b66601c50e814b219717edf86aa", "sha1_hash": "f8b0868bb023bba1f9abaaa64f7dcbeeff6a7a7b", "sha256_hash": "6272ad9b4882b06d8a5a652ea5abd52fe3fbc4e799a030a262cc65906cf10ba9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\compatibility.ini.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\containers.json.GDCB", "hashes": [ { "md5_hash": "b47b6db7d02994ee9f6bf90c1d2e3f5a", "sha1_hash": "278c9a3ffda0cde9caa393614b2d4dbf16a789eb", "sha256_hash": "ddc48214681a881253769f711fe50152ac977857e330e209e150e69bc467a4a6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\containers.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\content-prefs.sqlite.GDCB", "hashes": [ { "md5_hash": "f35e400158ea44277e5a8bb7c1a485fd", "sha1_hash": "eb3e164e64150a19f969534a0e2b1bf95ea0b6ea", "sha256_hash": "693709460fbc64459a073c75b7884154e8d8ad3167bc9cb72862a20421a3820e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\content-prefs.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cookies.sqlite.GDCB", "hashes": [ { "md5_hash": "4864d87fd4fafa8706618691582d50eb", "sha1_hash": "b7fab54eafe8660767e4a2dcc11ad89c10acb231", "sha256_hash": "37aaf1db4f046763e91f881840cdca0454bb317906fa2394a42cdae2d07f233c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cookies.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\session-state.json.GDCB", "hashes": [ { "md5_hash": "7c081fc791cf3be85b4e2dafe3aab389", "sha1_hash": "383de7459c1c35baf6beb7e7e6e4f165185a4395", "sha256_hash": "dff105a193540e215cdafbc559d7cec184f9f50d942ada29dcf763bb51d00597", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\session-state.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\datareporting\\state.json.GDCB", "hashes": [ { "md5_hash": "de383ebb4d7ac5e53d6a9e1ef7e7429a", "sha1_hash": "b29ac0b83eb704bba13d503577684c047d506bac", "sha256_hash": "fa423e9f4c4ad6755daad03d9927de43db5f2a62376834db23f4fdef0a26ad4e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\state.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\extensions.ini.GDCB", "hashes": [ { "md5_hash": "1158e7c90296ec9bf67c228d6f3c82f3", "sha1_hash": "1655556dbcc057caaf173dbdf8b7aa8759b86cad", "sha256_hash": "c676704ab822a77ae4638152c45d22798310b7591864f62771d0a344103fd9c8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.ini.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\extensions.json.GDCB", "hashes": [ { "md5_hash": "4a11ded0abd05200164f479de2f050b0", "sha1_hash": "8978fc01f9c0d629b201bca3560ece8546e2a9da", "sha256_hash": "aa8ba1f603ffe755fc757dd6e1b16eb10a1ccfdaffb159dfc3c51ff8f4814315", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\formhistory.sqlite.GDCB", "hashes": [ { "md5_hash": "0b72679469ad78247f075472f7d44d45", "sha1_hash": "f5fb3a92b9593a2129221d2e869d0b0292de1ddd", "sha256_hash": "ac4a10e90c1be5404f34a37edbdf08924a72967e116c947504a0f0c510034eb5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\formhistory.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info.GDCB", "hashes": [ { "md5_hash": "fe0449f06ab00664525baf7d99f7098f", "sha1_hash": "e4fce1eb219d8d304812b53bd1427490097907ea", "sha256_hash": "ae444fe438ee798026241438896f04a859b3e3a129842725a03e29675c407108", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\LICENSE.txt.GDCB", "hashes": [ { "md5_hash": "3348a379c9cc128bf216fa79ff4859f7", "sha1_hash": "69e7fd956893ce2990e1ddea955023280f711a97", "sha256_hash": "deb183b3ea1f5d8c4b6e3eadee0478c70fba58d3c4df8d66d1db25a6e76a1d39", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\license.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json.GDCB", "hashes": [ { "md5_hash": "ff04887dc37b6731a048ece8ff32fb8f", "sha1_hash": "98d538e377c2f5c20ad739a72bc5f18c7b261d68", "sha256_hash": "6f92acd43145cc497ca677d6cd183e5d99b06abf534dbad3ba12c797c96b4d68", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\key3.db.GDCB", "hashes": [ { "md5_hash": "19198bf743d858949597941a7667772d", "sha1_hash": "6c753754225579ccf0964dad36af8dd673a729bc", "sha256_hash": "1d72a7021ec432f1fb582d0c23b0a650c95dbc89b37623af7d333a2f39c26e11", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\key3.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\kinto.sqlite.GDCB", "hashes": [ { "md5_hash": "6cef10510eb4d85cc1a32afa2c95b78c", "sha1_hash": "e9a2e3141c16a4e114f078e88add801d9161f76d", "sha256_hash": "6da159242cbbe8e6802e87c144afaee3b935142d8e9d3ad3ec15b16ff8c3a92f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\kinto.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\permissions.sqlite.GDCB", "hashes": [ { "md5_hash": "5dd5df4019efab4438f5c144f24728b9", "sha1_hash": "61cedf727326bc6baf97f26a7ff7fc0dbd1b5186", "sha256_hash": "4c3b4f13857f461d004c53d1f42019c9571e5321e86954d066885a88f7494cca", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\permissions.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite.GDCB", "hashes": [ { "md5_hash": "3ab16d235b46fffed29dda7fe31787a0", "sha1_hash": "1ba8034558d85940390c10caa7b2ab09dcada2f5", "sha256_hash": "8b95953b69d7ff6000349477f52fd40a2cb515d08e8620adac189ebc7b58cb3e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\places.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\pluginreg.dat.GDCB", "hashes": [ { "md5_hash": "162a464f975f993c02ff5de49fe6a2b4", "sha1_hash": "ecae0a478653ef771a197e00452ac03a2c9ebf12", "sha256_hash": "f2881afc2955788c621332c75bb71ad9fc506ef5787b23a15043e1e7842d97e0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\pluginreg.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\prefs.js.GDCB", "hashes": [ { "md5_hash": "839d9a66603b13b7100d7fd075ecde59", "sha1_hash": "81a0774f64a853bda4f96cb42d9d1d5192faa475", "sha256_hash": "b29027e15fe4483662d5ac2afcfd6dc1d15b16290b74efed77144ef0e7b699b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\prefs.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\revocations.txt.GDCB", "hashes": [ { "md5_hash": "45b97e176b42c7ae086b7b03029accd1", "sha1_hash": "79856813a976809b7a141665745bc723fbf3af07", "sha256_hash": "19167bd47a5e3b0b3e7164a05ff42024a1eedaa6db483303c62b918941a85bf8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\revocations.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\secmod.db.GDCB", "hashes": [ { "md5_hash": "2001bfd869409aea96b4cf4e1f65ee67", "sha1_hash": "0ef3e6633d416d4d6b2ed46c12c7e59313936fc5", "sha256_hash": "b44ab5c2c2912d3a68c285fb0b4ba224ba2e9ce6d471872d0f6a17c10a584220", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\secmod.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionCheckpoints.json.GDCB", "hashes": [ { "md5_hash": "3c427b245983dca52645773e536fc82b", "sha1_hash": "f1fc2a755f082783eab12953878c7af32bc8bead", "sha256_hash": "78b76d62144692eeba9190289494dbc3f421089d423f36b91cd32dc1caf2ea4d", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessioncheckpoints.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore-backups\\previous.js.GDCB", "hashes": [ { "md5_hash": "a65d3e11898c7c575d3dccdd364a7486", "sha1_hash": "cb31ffbb450e8129fbe6ebda11e5e793a66ed43c", "sha256_hash": "3ded70e20fab2e198fe845d80a133036f3bb13bccc85c8ba555520dcd31cc4f6", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore-backups\\previous.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\sessionstore.js.GDCB", "hashes": [ { "md5_hash": "5e613b2b8b410f7e91a31cde38585305", "sha1_hash": "b880d6ec174e9bc8699aa22cf067311e89a2f0f8", "sha256_hash": "53d04e36c7fc49fe215fe947f98bfaf398b2f101046b53f2fe43575f3ff5a4df", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\SiteSecurityServiceState.txt.GDCB", "hashes": [ { "md5_hash": "041f6ac7e85658c83cb4d1d92a8b22aa", "sha1_hash": "3c120c5f836e81287a81d560e4ccb64e95d6b00b", "sha256_hash": "9fca5af3190c6763539910f1a10020c260a45795c3da6f92225bddf177efaa98", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sitesecurityservicestate.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite.GDCB", "hashes": [ { "md5_hash": "68f90dc52361ba8b54c5692208616a49", "sha1_hash": "22efbf16fe06abb5007b6b7d9d792af433373336", "sha256_hash": "a2549c70334b67550eea1a49316375293f1d4f536071bd072783c2b24715545a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.GDCB", "hashes": [ { "md5_hash": "9fd26e3c40ca850bf1d4437feeb3bd3d", "sha1_hash": "2a983860a398b83a0bceda217b22d27d4c4fa600", "sha256_hash": "c54caf1b4643adc5658dadcc45d57de9a9c43e05e3ba5843c91142aa541ecf77", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\times.json", "hashes": [ { "md5_hash": "c13e394d8c873033447ffaf34c811ba2", "sha1_hash": "f906dd014a476dd5caf67028cc455ba030bbbbf8", "sha256_hash": "07766239384fcb6dd9f632361e234f384b04613057e88eb8cb417277f459eb12", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\times.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\webappsstore.sqlite", "hashes": [ { "md5_hash": "bffd156531792f40cefa19e057dad558", "sha1_hash": "94bebb8ad09222b7af1e7a089a05355f4293c99c", "sha256_hash": "52019841567ab9acf3eb39cbbf861c57418c104b145d251a24fcc3512061f0d8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\webappsstore.sqlite", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\xulstore.json", "hashes": [ { "md5_hash": "52edb27b678a1423cc5a7c395ef9608b", "sha1_hash": "e6c1100157864135373cad6ade9a053376cf4a25", "sha256_hash": "6fdd876dfa1b9c30e419ad3dac18e8faadcb0da33de2a40127889af556643697", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\xulstore.json", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini", "hashes": [ { "md5_hash": "f9b2be39da460d7ba7d475b20ccfc59d", "sha1_hash": "d7f6f8a7815a14efdebb2754040e8fb73a347ca3", "sha256_hash": "f21a073bcdaf73514ec6a0d7fb9853713a03cd18e575bfa4da5d14b8d2be2d6f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\PP7PZiVZnjg.gif", "hashes": [ { "md5_hash": "d57dbcbf6a88104beb63b936dc523e3b", "sha1_hash": "fd79e1963a73ef30addd8b225fb4e4d06ffe92cf", "sha256_hash": "7c5a6e99c73e948a038c9dbf2a891c7187ce76c70345848e84bbff30905777b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\pp7pzivznjg.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\py_6.pdf", "hashes": [ { "md5_hash": "e0c6b057994cea53aca5f8f94498c0d8", "sha1_hash": "58b7c5d30ed9df0fe283aba2f368b826337e28f3", "sha256_hash": "76baf9d9a12200bc983502dcf8c274adb689a8bfe65c21c3d8a4827d6bcc0dac", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\py_6.pdf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\QvlruVqbW5.mp3", "hashes": [ { "md5_hash": "698b179fa80e5f6a2e6e5b2c882fa516", "sha1_hash": "2c5edc2e66f4f46a812b49b6ae9763714737b001", "sha256_hash": "00d687b4f63a0ca65f90a85e6cb6d8c619984eb5e5d325897db9445a3828bf95", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\qvlruvqbw5.mp3", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\rDJeorfWLmIUKr-wJ-G.mp3", "hashes": [ { "md5_hash": "dba97cfd81384dade62415ad23075d8e", "sha1_hash": "c17f1563210af31c488a83d1c55526b7db443428", "sha256_hash": "9b03c0a4a0fa330d1c9ded547ac823b245a0597844845652f7dae41d7d48e455", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\rdjeorfwlmiukr-wj-g.mp3", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\s-oOZLE.avi", "hashes": [ { "md5_hash": "10585553cebfdd919b6ac2566eac0528", "sha1_hash": "dfb94d643f80ba5350ad74277ae2bd3364b93173", "sha256_hash": "954c159ff12cefe8f56dad1a01c647afc990e76d77e2b42047672e0cc83e6c07", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\s-oozle.avi", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\sao0lzDqm lb1JO.bmp", "hashes": [ { "md5_hash": "741bee2e736b4f9430c4880106dc06a2", "sha1_hash": "b5544585893e5f687bd35b6b75489f5f8ff54464", "sha256_hash": "8e8a8dd1726a2bf6824bdcf0905d20e74a317bfd1d898b2d3a7b15df812e2413", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\sao0lzdqm lb1jo.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Skype\\RootTools\\roottools.conf", "hashes": [ { "md5_hash": "e00bfaaa0bda8ae0bcc8759e6438bd98", "sha1_hash": "6018634d3a55422a1b662358f196b0da7f28ace4", "sha256_hash": "c1d825c97c241f7a29f8278f3beb441b99a76ede63b760e136c7f3e333baec9c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\skype\\roottools\\roottools.conf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\srk1.flv", "hashes": [ { "md5_hash": "9adbbbed445282b7c1374621cc0c30b5", "sha1_hash": "f119dedf61c417e1809dbc6de57d93d5e264ed9f", "sha256_hash": "66fc505324a7d415fa2550ee6ccc2adc00b6a64de4e9669043638978893ff75e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\srk1.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\UFabmkAU-rJObGOdjy23.swf", "hashes": [ { "md5_hash": "a39a82e1744b9603dc631703b82f092e", "sha1_hash": "df8706892164e938506756ed8a1fe5aa0ab469dc", "sha256_hash": "478cb831a5c381593a3ef08eff9f576b0fa74712e6144472728089f5267d77cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ufabmkau-rjobgodjy23.swf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\XDfXtYW.m4a", "hashes": [ { "md5_hash": "47b32f582829fc149c1ad975f7671b66", "sha1_hash": "dbf064c04dfff84e7e622733378542c81151869a", "sha256_hash": "36dde405c3e3f3dafcf4e55a9414f9401ac1ac175daaa26d773f74b3c4f8e473", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\xdfxtyw.m4a", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\xX9L.avi", "hashes": [ { "md5_hash": "0eeb629f0eb9412ff0738d93418d1c9e", "sha1_hash": "85fa1bb9d2696df770fb46a4b9a2685319df9ac7", "sha256_hash": "602d3244d848e5752a29fe638b65cccfcd85a49e30b2aafc7901ec1968b3d80a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\xx9l.avi", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\X_3ykeU9F6OZxw.swf", "hashes": [ { "md5_hash": "4fe96b1e09829e3f42ecd021c3e85d10", "sha1_hash": "2412d3f539c38b8285928b16525d9c40b54481f8", "sha256_hash": "37e5d8f5f86f9ebdbe1ddf77bab3791fa4bbdd350bc83f11e37f62ec4340a6c5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\x_3ykeu9f6ozxw.swf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\yzRhhBR e0eN.wav", "hashes": [ { "md5_hash": "6452ffb3827cb5556b4c6355c9c28b6e", "sha1_hash": "cad5ffd351dcdf6d5ba4ff8d6142819251da7d2c", "sha256_hash": "4d09c75cdfbccfa2ef93806551cd707400cd44990fa0addf71434d57052f5e81", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\yzrhhbr e0en.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\z5f8F.pdf", "hashes": [ { "md5_hash": "f777816652dd4210dafcbddd17ce9415", "sha1_hash": "77ad0642cbf80dc0453d54cf1dab63ef8105d0bb", "sha256_hash": "188425c773868fdd14e52b6f2b2477525e4cd3bb434fc38e238552c68663ef44", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\z5f8f.pdf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\Aclviho ASldjfl.contact", "hashes": [ { "md5_hash": "2b1714598076b3960ed27c2d3b9f6d2e", "sha1_hash": "856ba41045c8395875d330d9571a48b325ce4166", "sha256_hash": "c4d0cd2a3f823e017690af78baeb16cc121bc588dba8f1b2ea939e2fcf3d4053", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\aclviho asldjfl.contact", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\asdlfk poopvy.contact", "hashes": [ { "md5_hash": "4f8ab5551de4b63418f33c793b55d29e", "sha1_hash": "203aaf9efa41dad37802d11fe8daa25dfe2880f1", "sha256_hash": "1dfde3fe4e5134211e9c5311311045118d22959bc71cb0ba664efe9bbe34fc48", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\asdlfk poopvy.contact", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\chucu jadnvk.contact", "hashes": [ { "md5_hash": "ef62f6e9e42054153de73c873b2e377e", "sha1_hash": "6409c597cb6ad5f431902d89d556d5a6e3611400", "sha256_hash": "b269b2d672db2bd36d0bf40c6440e7e23de1072c94597445f82c8b2a10ab5ebb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\chucu jadnvk.contact", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\lulcit amkdfe.contact", "hashes": [ { "md5_hash": "ae6f0f8df15f844656f13f8e1eba2209", "sha1_hash": "0617e004cd7d582ceed897f2e66acc2413bd435d", "sha256_hash": "2c6328770748881c9ea17cbd97c22ed5a149d0918032da82789a9869181050fb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\lulcit amkdfe.contact", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\sikvnb huvuib.contact", "hashes": [ { "md5_hash": "72f57c6c885b18c9ad1e97f7530db5d5", "sha1_hash": "7d5ae2df99f784c930b4fbc84c65064b56074f41", "sha256_hash": "9914b535d048c4596854f57efe89cef04f32fc68741147d226f81734ac32fbe7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\sikvnb huvuib.contact", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\-__krKwuDNCw7vix_s.wav", "hashes": [ { "md5_hash": "b95857b0b180b1b3b086a7861ddeaa7d", "sha1_hash": "7541d650523036993cabf3fdf89e41eefdd6c74b", "sha256_hash": "cf570f6643c64a1721afd8b0de34c84316939d4083e074f20abd90a3a821bdcb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\-__krkwudncw7vix_s.wav", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\8g6mIA 6.pptx", "hashes": [ { "md5_hash": "38ee62682ffe9ac583b2dff019f52d5e", "sha1_hash": "1a01784e9062b03e20f94295fb5c715d81997775", "sha256_hash": "3ccd1425c07d594aafa0e6409ddcf353a49796500ce6ba5d976567e7d0235e04", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\8g6mia 6.pptx", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\lFbogup.mp3", "hashes": [ { "md5_hash": "c6136a90fcead756bd15ce909ebf17a3", "sha1_hash": "68fa51b8a08f5f3a10f708819f826e043e98a8ff", "sha256_hash": "2f24d74efbe540ac507c5e3ff4ff1edc3043f78bc525acd1b5e5a2bf7b5592b8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\lfbogup.mp3", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\L_GiUm\\9Vo634VvEY9vGOHOlzG.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\9vo634vvey9vgoholzg.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\L_GiUm\\jS0e PAHtzszw9mdks.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\js0e pahtzszw9mdks.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\L_GiUm\\ORNdnmfJCdFA1es0enx.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\orndnmfjcdfa1es0enx.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\L_GiUm\\oWXZt UxeIOr.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\owxzt uxeior.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\mxHA9QwX60.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\mxha9qwx60.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\210AtVavnZ- J.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\210atvavnz- j.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\4wEn.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\4wen.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\8Frf.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\8frf.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\8UW6wrCE2.xlsx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\8uw6wrce2.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\8ysUM-7H.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\8ysum-7h.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\DJJGr.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\djjgr.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\E3nwHKKhrNc.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\e3nwhkkhrnc.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\m mArdoH QZh2LspL.pptx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\m mardoh qzh2lspl.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\pCAr B4s-Dnk.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\pcar b4s-dnk.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\Slrus_KiV.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\slrus_kiv.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\ZdIFxnCVv1avem R.png", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\zdifxncvv1avem r.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\BbF8suj7aJrWr.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\bbf8suj7ajrwr.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\brfsFSSqM P0x3ZmWLa7.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\brfsfssqm p0x3zmwla7.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\C53kh.swf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\c53kh.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\Dzbrs.pdf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\dzbrs.pdf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\EP7RDgDUv zXYJnd.xlsx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\ep7rdgduv zxyjnd.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\FklQtdWtufGJ1mB.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\fklqtdwtufgj1mb.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\HkP-y.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\hkp-y.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\jdhLD2CDd5WY7.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\jdhld2cdd5wy7.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\jNjLs50IkyF.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\jnjls50ikyf.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\kahnQObJzadjF7L.png", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\kahnqobjzadjf7l.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\lvsyP1X4kac5-oJ4Il.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\lvsyp1x4kac5-oj4il.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\RO4EO80gDGY.bmp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\ro4eo80gdgy.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\tm_ddke9n40UxlNf.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\tm_ddke9n40uxlnf.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\uiVP.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\uivp.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vXxmRwzZCj_sg.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\vxxmrwzzcj_sg.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\VzXLa-7b6.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\vzxla-7b6.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\WQpPr2duNweKE.bmp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\wqppr2dunweke.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\xi sEofN8ylvSn f1.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\xi seofn8ylvsn f1.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\ZDva7C73jglno2II.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\zdva7c73jglno2ii.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\_K46etKVMAaI10T6boQ.docx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\_k46etkvmaai10t6boq.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\0fbVcV3Zv5.pptx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\0fbvcv3zv5.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\1K3-TZCPmibHkU6FTw.pps", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\1k3-tzcpmibhku6ftw.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\3V2cw3uZFEEV-SxWrlF.docx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\3v2cw3uzfeev-sxwrlf.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\4nC7.rtf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\4nc7.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\7G4L9lsNnmIcN.xlsx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\7g4l9lsnnmicn.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\CHQmRNcGe_.xlsx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\chqmrncge_.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\F52 BWbPLjYuLmJ-w1.pptx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\f52 bwbpljyulmj-w1.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\fDUISGbLgw.pptx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\fduisgblgw.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FfJVg4ausPebvr1q.xlsx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ffjvg4auspebvr1q.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\AprPk7nLlMxB0d4d.xls", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\aprpk7nllmxb0d4d.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\R8M4R8KAn1bTR.ppt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\r8m4r8kan1btr.ppt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\Sc5nXy5 kKlZ2r8gTs.odt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\sc5nxy5 kklz2r8gts.odt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\tUxL3qY.ppt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\tuxl3qy.ppt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\-XKS.odp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\-xks.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\1C35.odp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\1c35.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\1UScSaKRACH3OPj.odt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\1uscsakrach3opj.odt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\bnQE.pps", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\bnqe.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\D6YOUnG.pptx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\d6young.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\l_9IL425VzhWVYOQGgg3.ots", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\l_9il425vzhwvyoqggg3.ots", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\-5DB1ff.xls", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\-5db1ff.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\CH63OfWwkwX.odp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\ch63ofwwkwx.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\k13Z0oU8.pps", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\k13z0ou8.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\M4Gyy4ufrujRiwZd_-B.doc", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\m4gyy4ufrujriwzd_-b.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\sJuFZ-fNNCbjtR4EQ.odp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\sjufz-fnncbjtr4eq.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\TCfZ31T4.pptx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\tcfz31t4.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\utrCoofyOdVwdhW.docx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\utrcoofyodvwdhw.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\N1gDhnyQRsiczzqYbfB.pptx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\n1gdhnyqrsiczzqybfb.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\niXUM m_uKc.xlsx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\nixum m_ukc.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\oMlpnA 6XmkBTGxeBEL.pptx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\omlpna 6xmkbtgxebel.pptx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\OneNote Notebooks\\My Notebook\\Quick Notes.one", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\onenote notebooks\\my notebook\\quick notes.one", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\OOwKqpIl7aYSv RTHK.xls", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\oowkqpil7aysv rthk.xls", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\Outlook Files\\lcfkj@kiekc.df.pst", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\outlook files\\lcfkj@kiekc.df.pst", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\pPZcbKQB2 6KmBkrXgk.docx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ppzcbkqb2 6kmbkrxgk.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\tKA0HHzsGkO.docx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\tka0hhzsgko.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\vWO_nHAQmsUVwAMd0Z82.ods", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\vwo_nhaqmsuvwamd0z82.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\we _xEQTC-XaBOe0W.docx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\we _xeqtc-xaboe0w.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\68I4YY.rtf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\68i4yy.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\aD9d_LSzlGORTH_zOBw.pdf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\ad9d_lszlgorth_zobw.pdf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\J-grwbdBQV.rtf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\j-grwbdbqv.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\jMUwXrx_DL.pps", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\jmuwxrx_dl.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\QyXXAo4.doc", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\qyxxao4.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\sZVcnxJx2O3Ea_92PnF.ods", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\szvcnxjx2o3ea_92pnf.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\y-GP 4d2ufj1t1Q8BO.xlsx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\y-gp 4d2ufj1t1q8bo.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\2eXJAztyYmvvQ\\eVSTo2lZP Wdy7GN.doc", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\2exjaztyymvvq\\evsto2lzp wdy7gn.doc", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\2eXJAztyYmvvQ\\mS4m0NY7CUhf.docx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\2exjaztyymvvq\\ms4m0ny7cuhf.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\2eXJAztyYmvvQ\\XrBuw45rasubttu.odp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\2exjaztyymvvq\\xrbuw45rasubttu.odp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\2eXJAztyYmvvQ\\zbt 1EdBZB.csv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\2exjaztyymvvq\\zbt 1edbzb.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\Gr2Zxvd.ots", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\gr2zxvd.ots", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\IP7roZ19.ots", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\ip7roz19.ots", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\qVfwJx7xAD.csv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\qvfwjx7xad.csv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\xuMNmaAQwzS.odt", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\xumnmaaqwzs.odt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\y8Dt5yt-qFapkL0CAmn.rtf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\y8dt5yt-qfapkl0camn.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\zQ2RNryyQvoJvOOlXhWv.docx", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\zq2rnryyqvojvoolxhwv.docx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\fNbs43ibSVs.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\fnbs43ibsvs.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\oIfHXR2mpe7ee2Nsv 4.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\oifhxr2mpe7ee2nsv 4.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\rHf-1nu.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\rhf-1nu.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\T-7wzx6ySIXcZz.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\t-7wzx6ysixczz.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\UafU.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\uafu.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\e8jkSa\\xghTLw90Cf1QZ5.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\e8jksa\\xghtlw90cf1qz5.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\e8jkSa\\Yao_HXWP.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\e8jksa\\yao_hxwp.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\e8jkSa\\Ymssxu72LfvGM.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\e8jksa\\ymssxu72lfvgm.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\HijnMp4jD.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\hijnmp4jd.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\OGnlmvN61P.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\ognlmvn61p.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Q2-4.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\q2-4.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\RefPD1CxYRt5f\\7OmvA6Oj54HnGnXR.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\refpd1cxyrt5f\\7omva6oj54hngnxr.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\RefPD1CxYRt5f\\NlFstO.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\refpd1cxyrt5f\\nlfsto.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\RefPD1CxYRt5f\\nUZfgOp3Di0KuKreL.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\refpd1cxyrt5f\\nuzfgop3di0kukrel.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\RefPD1CxYRt5f\\y4zEZYY.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\refpd1cxyrt5f\\y4zezyy.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Smjrlot\\1 VB53\\IKWXe_gF5Yuhj.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\smjrlot\\1 vb53\\ikwxe_gf5yuhj.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Smjrlot\\1 VB53\\Ill9aA7yaQL1EfF2s3.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\smjrlot\\1 vb53\\ill9aa7yaql1eff2s3.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Smjrlot\\7m-0Y.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\smjrlot\\7m-0y.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Smjrlot\\XZ8M.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\smjrlot\\xz8m.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\0kabWvjicpBJ0xsd.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\0kabwvjicpbj0xsd.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\4a e.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\4a e.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\DdwfuJCNVR.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\ddwfujcnvr.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\kur6uO2BY_qE5Uul.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\kur6uo2by_qe5uul.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\PIeLdzmNCBfzZZL.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\pieldzmncbfzzzl.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\Y-a5-Y5Z2Bd1xmD32cHW.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\y-a5-y5z2bd1xmd32chw.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\22j3l8d5gwBlYb.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\22j3l8d5gwblyb.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\HK_SRBXCNwo6hKv3Yib.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\hk_srbxcnwo6hkv3yib.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\KtCdK3LGr9KL.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\ktcdk3lgr9kl.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\sOg89QCB_MYsMq.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\sog89qcb_mysmq.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\TrUGiHFGXsM_7X.wav", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\trugihfgxsm_7x.wav", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\xX723ly.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\xx723ly.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\YpQES.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\ypqes.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\yWYXQBe8hOW.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\ywyxqbe8how.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\ZHBVSc7E1Gs.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\zhbvsc7e1gs.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\_gco.m4a", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\_gco.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\v3kq.mp3", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\v3kq.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\ntuser.ini", "hashes": [ { "md5_hash": "5311bfb29d17a6f43408b9ba889c684d", "sha1_hash": "4886bd5d287310cc988664b2b1c71ea4450bada2", "sha256_hash": "c5caf30250e61f4947d76f63620c2356341ff52983d9982e885ba4fc8a13e7bf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\ntuser.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\0qcuk3G0.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\0qcuk3g0.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\5j6qWl.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\5j6qwl.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\7- q0PatGd\\pG1qS.bmp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\7- q0patgd\\pg1qs.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\FaqWpPUQVtLKuYdk9BQ4.bmp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\faqwppuqvtlkuydk9bq4.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\F_TF-DzzJpMT.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\f_tf-dzzjpmt.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\jyOHRPQ6E1yOr.png", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\jyohrpq6e1yor.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\Sl5l.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\sl5l.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\2OkDu2NHm-7zk1T.bmp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\2okdu2nhm-7zk1t.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\G5FnSYH55eBrRD_erFyF.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\g5fnsyh55ebrrd_erfyf.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\kSYHI_Wa9bfsyy-Z.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\ksyhi_wa9bfsyy-z.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\kvL5uOocTiCI S__fRu.png", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\kvl5uooctici s__fru.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\lmzNuu.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\lmznuu.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\MW5Jvk.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\mw5jvk.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\T21W3FSXJ7JpSCXp.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\t21w3fsxj7jpscxp.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\WjNoxg.bmp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\wjnoxg.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\wr XEQqTY.bmp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\wr xeqqty.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZgA4eFUdQ2ea\\gqOFi.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zga4efudq2ea\\gqofi.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZgA4eFUdQ2ea\\OukrMDnEpoe.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zga4efudq2ea\\oukrmdnepoe.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZgA4eFUdQ2ea\\RorB-_IDA6hQ.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zga4efudq2ea\\rorb-_ida6hq.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZgA4eFUdQ2ea\\U53LX.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zga4efudq2ea\\u53lx.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZH eoon3PUL.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zh eoon3pul.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\ArQS.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\arqs.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\bemI0XiX.png", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\bemi0xix.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\7dro.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\7dro.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\CJbH8HUSxEjPL.bmp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\cjbh8husxejpl.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\ku4nJ2ON.png", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\ku4nj2on.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\xxlpD7In_.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\xxlpd7in_.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\yx09evjd3tm-ElFRU4jJ.png", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\yx09evjd3tm-elfru4jj.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\0 Bsa-pMwMwujfrg6E.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\0 bsa-pmwmwujfrg6e.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\E6gQJw oI-snc.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\e6gqjw oi-snc.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\ea9JJ.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\ea9jj.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\ig6hjLi-OP4x R.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\ig6hjli-op4x r.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\LXuzoE1qcv.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\lxuzoe1qcv.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\SVN91cv_iHYxat.gif", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\svn91cv_ihyxat.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\Tg7hEW3R70Mvw.bmp", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\tg7hew3r70mvw.bmp", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\YK5YSXrT6pdJC.jpg", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\yk5ysxrt6pdjc.jpg", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\0UtXt7xPb0GNpKjh.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\0utxt7xpb0gnpkjh.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\2TGN8j_vaZgksKT.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\2tgn8j_vazgkskt.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\bGoaUzmEXEhDXqBYf1.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\bgoauzmexehdxqbyf1.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\dUrCm0.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\durcm0.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\JOfdh4o6jslX.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\jofdh4o6jslx.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\8BQk0ewUYfCpH5.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\8bqk0ewuyfcph5.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\0RdiLe2R39_-D0kBjV.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\0rdile2r39_-d0kbjv.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\0EsxwfGpf\\Fz8jhnIlC8sC7y.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\0esxwfgpf\\fz8jhnilc8sc7y.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\0EsxwfGpf\\IviMqpQIe2jIpP9 D.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\0esxwfgpf\\ivimqpqie2jipp9 d.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\0EsxwfGpf\\tgUnQFz.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\0esxwfgpf\\tgunqfz.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\0EsxwfGpf\\thXC6nEZL.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\0esxwfgpf\\thxc6nezl.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\b- AWKoK.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\b- awkok.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\fh_ElomWjB6mGEzzsu.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\fh_elomwjb6mgezzsu.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\I3rvC2fJE74Sn F44.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\i3rvc2fje74sn f44.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\vqbM3wDvneErr8cJ.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\vqbm3wdvneerr8cj.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\QJlL7y9JmXDRLc6Ro.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\qjll7y9jmxdrlc6ro.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\kOjmvhiL2 9M.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\kojmvhil2 9m.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\mtUuOvxK7w98mX.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\mtuuovxk7w98mx.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\ppRS2\\iJXfQ.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\pprs2\\ijxfq.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\ppRS2\\wuSgr.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\pprs2\\wusgr.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\XwhtYRwYJqMJuVCzK.swf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\xwhtyrwyjqmjuvczk.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\6z- of0Ate9fxiX14.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\6z- of0ate9fxix14.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\o6UX2DM3DI2N.swf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\o6ux2dm3di2n.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\gKHCm2fwtZ_xFQId52k.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\gkhcm2fwtz_xfqid52k.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\AThZQX4 Xqy.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\athzqx4 xqy.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\dWY3im-Jv_\\1Ff1pR_1.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\dwy3im-jv_\\1ff1pr_1.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\dWY3im-Jv_\\i25MLe9kC22ViMDQq.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\dwy3im-jv_\\i25mle9kc22vimdqq.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\GlwDigP8Jjnd5uC g.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\glwdigp8jjnd5uc g.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\LsUd7T_9uN5u1inV_P.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\lsud7t_9un5u1inv_p.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\oY42r84BASg5Iqj_WyZI.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\oy42r84basg5iqj_wyzi.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\q_rurk5jw-eBsu1expVq.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\q_rurk5jw-ebsu1expvq.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\tV 10V8P8Hh2UG.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\tv 10v8p8hh2ug.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\xXr5-.swf", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\xxr5-.swf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\vuAolxdGJNBdv7Qy.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\vuaolxdgjnbdv7qy.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\ppTk R5o9qfrpMwcdZ.avi", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\pptk r5o9qfrpmwcdz.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\sM-RZdXy7IpWC_.mkv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\sm-rzdxy7ipwc_.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\sq-y33jTJDe8y5s5Pm.flv", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\sq-y33jtjde8y5s5pm.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\vokX63XlsbhJHT0r.mp4", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\vokx63xlsbhjht0r.mp4", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows\\Shell\\DefaultLayouts.xml", "hashes": [], "norm_filename": "c:\\users\\default\\appdata\\local\\microsoft\\windows\\shell\\defaultlayouts.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\Default\\AppData\\Local\\Microsoft\\Windows Sidebar\\settings.ini", "hashes": [], "norm_filename": "c:\\users\\default\\appdata\\local\\microsoft\\windows sidebar\\settings.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\storage.sqlite.GDCB", "hashes": [ { "md5_hash": "6f2a52c09fa7f6d3c69675aac90d37a0", "sha1_hash": "cf6322306317c5a27e5c0f7a0da3f3f9232b34a3", "sha256_hash": "1d510585ce43f029a70421c6bded60edf95f921b514cd618216e76c74a79134a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\times.json.GDCB", "hashes": [ { "md5_hash": "c13e394d8c873033447ffaf34c811ba2", "sha1_hash": "f906dd014a476dd5caf67028cc455ba030bbbbf8", "sha256_hash": "07766239384fcb6dd9f632361e234f384b04613057e88eb8cb417277f459eb12", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\times.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\webappsstore.sqlite.GDCB", "hashes": [ { "md5_hash": "bffd156531792f40cefa19e057dad558", "sha1_hash": "94bebb8ad09222b7af1e7a089a05355f4293c99c", "sha256_hash": "52019841567ab9acf3eb39cbbf861c57418c104b145d251a24fcc3512061f0d8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\webappsstore.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\xulstore.json.GDCB", "hashes": [ { "md5_hash": "52edb27b678a1423cc5a7c395ef9608b", "sha1_hash": "e6c1100157864135373cad6ade9a053376cf4a25", "sha256_hash": "6fdd876dfa1b9c30e419ad3dac18e8faadcb0da33de2a40127889af556643697", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\xulstore.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini.GDCB", "hashes": [ { "md5_hash": "f9b2be39da460d7ba7d475b20ccfc59d", "sha1_hash": "d7f6f8a7815a14efdebb2754040e8fb73a347ca3", "sha256_hash": "f21a073bcdaf73514ec6a0d7fb9853713a03cd18e575bfa4da5d14b8d2be2d6f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\PP7PZiVZnjg.gif.GDCB", "hashes": [ { "md5_hash": "d57dbcbf6a88104beb63b936dc523e3b", "sha1_hash": "fd79e1963a73ef30addd8b225fb4e4d06ffe92cf", "sha256_hash": "7c5a6e99c73e948a038c9dbf2a891c7187ce76c70345848e84bbff30905777b2", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\pp7pzivznjg.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\py_6.pdf.GDCB", "hashes": [ { "md5_hash": "e0c6b057994cea53aca5f8f94498c0d8", "sha1_hash": "58b7c5d30ed9df0fe283aba2f368b826337e28f3", "sha256_hash": "76baf9d9a12200bc983502dcf8c274adb689a8bfe65c21c3d8a4827d6bcc0dac", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\py_6.pdf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\QvlruVqbW5.mp3.GDCB", "hashes": [ { "md5_hash": "698b179fa80e5f6a2e6e5b2c882fa516", "sha1_hash": "2c5edc2e66f4f46a812b49b6ae9763714737b001", "sha256_hash": "00d687b4f63a0ca65f90a85e6cb6d8c619984eb5e5d325897db9445a3828bf95", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\qvlruvqbw5.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\rDJeorfWLmIUKr-wJ-G.mp3.GDCB", "hashes": [ { "md5_hash": "dba97cfd81384dade62415ad23075d8e", "sha1_hash": "c17f1563210af31c488a83d1c55526b7db443428", "sha256_hash": "9b03c0a4a0fa330d1c9ded547ac823b245a0597844845652f7dae41d7d48e455", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\rdjeorfwlmiukr-wj-g.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\s-oOZLE.avi.GDCB", "hashes": [ { "md5_hash": "10585553cebfdd919b6ac2566eac0528", "sha1_hash": "dfb94d643f80ba5350ad74277ae2bd3364b93173", "sha256_hash": "954c159ff12cefe8f56dad1a01c647afc990e76d77e2b42047672e0cc83e6c07", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\s-oozle.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\sao0lzDqm lb1JO.bmp.GDCB", "hashes": [ { "md5_hash": "741bee2e736b4f9430c4880106dc06a2", "sha1_hash": "b5544585893e5f687bd35b6b75489f5f8ff54464", "sha256_hash": "8e8a8dd1726a2bf6824bdcf0905d20e74a317bfd1d898b2d3a7b15df812e2413", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\sao0lzdqm lb1jo.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Skype\\RootTools\\roottools.conf.GDCB", "hashes": [ { "md5_hash": "e00bfaaa0bda8ae0bcc8759e6438bd98", "sha1_hash": "6018634d3a55422a1b662358f196b0da7f28ace4", "sha256_hash": "c1d825c97c241f7a29f8278f3beb441b99a76ede63b760e136c7f3e333baec9c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\skype\\roottools\\roottools.conf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\srk1.flv.GDCB", "hashes": [ { "md5_hash": "9adbbbed445282b7c1374621cc0c30b5", "sha1_hash": "f119dedf61c417e1809dbc6de57d93d5e264ed9f", "sha256_hash": "66fc505324a7d415fa2550ee6ccc2adc00b6a64de4e9669043638978893ff75e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\srk1.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\UFabmkAU-rJObGOdjy23.swf.GDCB", "hashes": [ { "md5_hash": "a39a82e1744b9603dc631703b82f092e", "sha1_hash": "df8706892164e938506756ed8a1fe5aa0ab469dc", "sha256_hash": "478cb831a5c381593a3ef08eff9f576b0fa74712e6144472728089f5267d77cf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ufabmkau-rjobgodjy23.swf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\XDfXtYW.m4a.GDCB", "hashes": [ { "md5_hash": "47b32f582829fc149c1ad975f7671b66", "sha1_hash": "dbf064c04dfff84e7e622733378542c81151869a", "sha256_hash": "36dde405c3e3f3dafcf4e55a9414f9401ac1ac175daaa26d773f74b3c4f8e473", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\xdfxtyw.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\xX9L.avi.GDCB", "hashes": [ { "md5_hash": "0eeb629f0eb9412ff0738d93418d1c9e", "sha1_hash": "85fa1bb9d2696df770fb46a4b9a2685319df9ac7", "sha256_hash": "602d3244d848e5752a29fe638b65cccfcd85a49e30b2aafc7901ec1968b3d80a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\xx9l.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\X_3ykeU9F6OZxw.swf.GDCB", "hashes": [ { "md5_hash": "4fe96b1e09829e3f42ecd021c3e85d10", "sha1_hash": "2412d3f539c38b8285928b16525d9c40b54481f8", "sha256_hash": "37e5d8f5f86f9ebdbe1ddf77bab3791fa4bbdd350bc83f11e37f62ec4340a6c5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\x_3ykeu9f6ozxw.swf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\yzRhhBR e0eN.wav.GDCB", "hashes": [ { "md5_hash": "6452ffb3827cb5556b4c6355c9c28b6e", "sha1_hash": "cad5ffd351dcdf6d5ba4ff8d6142819251da7d2c", "sha256_hash": "4d09c75cdfbccfa2ef93806551cd707400cd44990fa0addf71434d57052f5e81", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\yzrhhbr e0en.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\z5f8F.pdf.GDCB", "hashes": [ { "md5_hash": "f777816652dd4210dafcbddd17ce9415", "sha1_hash": "77ad0642cbf80dc0453d54cf1dab63ef8105d0bb", "sha256_hash": "188425c773868fdd14e52b6f2b2477525e4cd3bb434fc38e238552c68663ef44", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\z5f8f.pdf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\Aclviho ASldjfl.contact.GDCB", "hashes": [ { "md5_hash": "2b1714598076b3960ed27c2d3b9f6d2e", "sha1_hash": "856ba41045c8395875d330d9571a48b325ce4166", "sha256_hash": "c4d0cd2a3f823e017690af78baeb16cc121bc588dba8f1b2ea939e2fcf3d4053", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\aclviho asldjfl.contact.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\asdlfk poopvy.contact.GDCB", "hashes": [ { "md5_hash": "4f8ab5551de4b63418f33c793b55d29e", "sha1_hash": "203aaf9efa41dad37802d11fe8daa25dfe2880f1", "sha256_hash": "1dfde3fe4e5134211e9c5311311045118d22959bc71cb0ba664efe9bbe34fc48", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\asdlfk poopvy.contact.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\chucu jadnvk.contact.GDCB", "hashes": [ { "md5_hash": "ef62f6e9e42054153de73c873b2e377e", "sha1_hash": "6409c597cb6ad5f431902d89d556d5a6e3611400", "sha256_hash": "b269b2d672db2bd36d0bf40c6440e7e23de1072c94597445f82c8b2a10ab5ebb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\chucu jadnvk.contact.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\lulcit amkdfe.contact.GDCB", "hashes": [ { "md5_hash": "ae6f0f8df15f844656f13f8e1eba2209", "sha1_hash": "0617e004cd7d582ceed897f2e66acc2413bd435d", "sha256_hash": "2c6328770748881c9ea17cbd97c22ed5a149d0918032da82789a9869181050fb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\lulcit amkdfe.contact.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Contacts\\sikvnb huvuib.contact.GDCB", "hashes": [ { "md5_hash": "72f57c6c885b18c9ad1e97f7530db5d5", "sha1_hash": "7d5ae2df99f784c930b4fbc84c65064b56074f41", "sha256_hash": "9914b535d048c4596854f57efe89cef04f32fc68741147d226f81734ac32fbe7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\sikvnb huvuib.contact.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\-__krKwuDNCw7vix_s.wav.GDCB", "hashes": [ { "md5_hash": "b95857b0b180b1b3b086a7861ddeaa7d", "sha1_hash": "7541d650523036993cabf3fdf89e41eefdd6c74b", "sha256_hash": "cf570f6643c64a1721afd8b0de34c84316939d4083e074f20abd90a3a821bdcb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\-__krkwudncw7vix_s.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\8g6mIA 6.pptx.GDCB", "hashes": [ { "md5_hash": "38ee62682ffe9ac583b2dff019f52d5e", "sha1_hash": "1a01784e9062b03e20f94295fb5c715d81997775", "sha256_hash": "3ccd1425c07d594aafa0e6409ddcf353a49796500ce6ba5d976567e7d0235e04", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\8g6mia 6.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\lFbogup.mp3.GDCB", "hashes": [ { "md5_hash": "c6136a90fcead756bd15ce909ebf17a3", "sha1_hash": "68fa51b8a08f5f3a10f708819f826e043e98a8ff", "sha256_hash": "2f24d74efbe540ac507c5e3ff4ff1edc3043f78bc525acd1b5e5a2bf7b5592b8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\lfbogup.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\L_GiUm\\9Vo634VvEY9vGOHOlzG.mkv.GDCB", "hashes": [ { "md5_hash": "40a59cc8ae2897597d62beae6a193186", "sha1_hash": "064cb087cbf7e299f68278b3f24420aa870ce474", "sha256_hash": "6bb5123e04e605d69620ea8326f9821d86cb7928b62645ae99a6739ee5da5e9b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\9vo634vvey9vgoholzg.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\L_GiUm\\jS0e PAHtzszw9mdks.wav.GDCB", "hashes": [ { "md5_hash": "5ddb4cd194ed2f62b689a7190e03ca07", "sha1_hash": "e82f9533b25b4be2167fd6347189121b5569ac85", "sha256_hash": "7c1675d282b5241550ee712b54db12ef9b3f5d1b88978065a3fd07e4b78603aa", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\js0e pahtzszw9mdks.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\L_GiUm\\ORNdnmfJCdFA1es0enx.flv.GDCB", "hashes": [ { "md5_hash": "318b73782ef8f9070fca04551c5ae07c", "sha1_hash": "0f21758fe57cceb67b99cf34c5cfe86c1c79c004", "sha256_hash": "58183f911b03152edd88e2902d8a45ebc3379012464035238d9dbbdc5a6e2291", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\orndnmfjcdfa1es0enx.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\L_GiUm\\oWXZt UxeIOr.mp3.GDCB", "hashes": [ { "md5_hash": "15db8c2396bef5efad7dc2c3fbc31a5f", "sha1_hash": "a5a950a38faf69e346385d08497eff5a993549e6", "sha256_hash": "8556d5f62111b357e374e390e83463ca2537b1e5a32fb73768191c6e08b36f3f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\owxzt uxeior.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\0eErT0ljWw1qHv\\mxHA9QwX60.mp4.GDCB", "hashes": [ { "md5_hash": "e4507e1f61bf2dd49c84ad77069f7ad7", "sha1_hash": "7d6df185a8d11d7ee6bfc94b1ffac084b0dc824a", "sha256_hash": "84ce5b56a4aacd7ed85f101e5089654df4845bdafa19fe0b13ae919b02db272f", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\mxha9qwx60.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\210AtVavnZ- J.avi.GDCB", "hashes": [ { "md5_hash": "0a49d0417ef684b80a55deeb583c717b", "sha1_hash": "bcd9a5f48184ac3079c0756874a5a2e63c8b11a0", "sha256_hash": "e18dcee9b5c662e81d02c07aa5bc0128e3f6c6de18738dab62f4c1254d5b9941", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\210atvavnz- j.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\4wEn.jpg.GDCB", "hashes": [ { "md5_hash": "9b1658583a58161f2e53024c6c42fb22", "sha1_hash": "ba65f0d002ab839bd9e5a0b2418472bbb94ab1c1", "sha256_hash": "b6cb643d26ccb1f424609d6fa757a00f0d8d409ce34c9b436d6b8b02ac679cb3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\4wen.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\8Frf.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\8frf.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\8UW6wrCE2.xlsx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\8uw6wrce2.xlsx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\8ysUM-7H.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\8ysum-7h.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\DJJGr.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\djjgr.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\E3nwHKKhrNc.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\e3nwhkkhrnc.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\m mArdoH QZh2LspL.pptx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\m mardoh qzh2lspl.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\pCAr B4s-Dnk.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\pcar b4s-dnk.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\Slrus_KiV.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\slrus_kiv.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\aWlcbVjj2 N5W7gRzUu\\ZdIFxnCVv1avem R.png.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\awlcbvjj2 n5w7grzuu\\zdifxncvv1avem r.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\BbF8suj7aJrWr.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\bbf8suj7ajrwr.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\brfsFSSqM P0x3ZmWLa7.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\brfsfssqm p0x3zmwla7.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\C53kh.swf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\c53kh.swf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\Dzbrs.pdf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\dzbrs.pdf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\EP7RDgDUv zXYJnd.xlsx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\ep7rdgduv zxyjnd.xlsx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\FklQtdWtufGJ1mB.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\fklqtdwtufgj1mb.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\HkP-y.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\hkp-y.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\jdhLD2CDd5WY7.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\jdhld2cdd5wy7.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\jNjLs50IkyF.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\jnjls50ikyf.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\kahnQObJzadjF7L.png.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\kahnqobjzadjf7l.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\lvsyP1X4kac5-oJ4Il.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\lvsyp1x4kac5-oj4il.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\RO4EO80gDGY.bmp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\ro4eo80gdgy.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\tm_ddke9n40UxlNf.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\tm_ddke9n40uxlnf.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\uiVP.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\uivp.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\vXxmRwzZCj_sg.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\vxxmrwzzcj_sg.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\VzXLa-7b6.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\vzxla-7b6.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\WQpPr2duNweKE.bmp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\wqppr2dunweke.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\xi sEofN8ylvSn f1.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\xi seofn8ylvsn f1.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\ZDva7C73jglno2II.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\zdva7c73jglno2ii.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Desktop\\_K46etKVMAaI10T6boQ.docx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\_k46etkvmaai10t6boq.docx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\0fbVcV3Zv5.pptx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\0fbvcv3zv5.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\1K3-TZCPmibHkU6FTw.pps.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\1k3-tzcpmibhku6ftw.pps.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\3V2cw3uZFEEV-SxWrlF.docx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\3v2cw3uzfeev-sxwrlf.docx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\4nC7.rtf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\4nc7.rtf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\7G4L9lsNnmIcN.xlsx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\7g4l9lsnnmicn.xlsx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\CHQmRNcGe_.xlsx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\chqmrncge_.xlsx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\F52 BWbPLjYuLmJ-w1.pptx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\f52 bwbpljyulmj-w1.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\fDUISGbLgw.pptx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\fduisgblgw.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FfJVg4ausPebvr1q.xlsx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ffjvg4auspebvr1q.xlsx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\AprPk7nLlMxB0d4d.xls.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\aprpk7nllmxb0d4d.xls.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\R8M4R8KAn1bTR.ppt.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\r8m4r8kan1btr.ppt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\Sc5nXy5 kKlZ2r8gTs.odt.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\sc5nxy5 kklz2r8gts.odt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\tUxL3qY.ppt.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\tuxl3qy.ppt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\-XKS.odp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\-xks.odp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\1C35.odp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\1c35.odp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\1UScSaKRACH3OPj.odt.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\1uscsakrach3opj.odt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\bnQE.pps.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\bnqe.pps.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\D6YOUnG.pptx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\d6young.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\l_9IL425VzhWVYOQGgg3.ots.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\l_9il425vzhwvyoqggg3.ots.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\-5DB1ff.xls.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\-5db1ff.xls.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\CH63OfWwkwX.odp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\ch63ofwwkwx.odp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\k13Z0oU8.pps.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\k13z0ou8.pps.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\M4Gyy4ufrujRiwZd_-B.doc.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\m4gyy4ufrujriwzd_-b.doc.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\sJuFZ-fNNCbjtR4EQ.odp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\sjufz-fnncbjtr4eq.odp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\TCfZ31T4.pptx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\tcfz31t4.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\FtUF9T\\ZV1D_nCny\\uNON\\utrCoofyOdVwdhW.docx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ftuf9t\\zv1d_ncny\\unon\\utrcoofyodvwdhw.docx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\N1gDhnyQRsiczzqYbfB.pptx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\n1gdhnyqrsiczzqybfb.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\niXUM m_uKc.xlsx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\nixum m_ukc.xlsx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\oMlpnA 6XmkBTGxeBEL.pptx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\omlpna 6xmkbtgxebel.pptx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\OneNote Notebooks\\My Notebook\\Quick Notes.one.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\onenote notebooks\\my notebook\\quick notes.one.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\OOwKqpIl7aYSv RTHK.xls.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\oowkqpil7aysv rthk.xls.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\Outlook Files\\lcfkj@kiekc.df.pst.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\outlook files\\lcfkj@kiekc.df.pst.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\pPZcbKQB2 6KmBkrXgk.docx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\ppzcbkqb2 6kmbkrxgk.docx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\tKA0HHzsGkO.docx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\tka0hhzsgko.docx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\vWO_nHAQmsUVwAMd0Z82.ods.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\vwo_nhaqmsuvwamd0z82.ods.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\we _xEQTC-XaBOe0W.docx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\we _xeqtc-xaboe0w.docx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\68I4YY.rtf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\68i4yy.rtf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\aD9d_LSzlGORTH_zOBw.pdf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\ad9d_lszlgorth_zobw.pdf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\J-grwbdBQV.rtf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\j-grwbdbqv.rtf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\jMUwXrx_DL.pps.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\jmuwxrx_dl.pps.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\QyXXAo4.doc.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\qyxxao4.doc.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\wU6cO4bxfsD-glD-SMu\\sZVcnxJx2O3Ea_92PnF.ods.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\wu6co4bxfsd-gld-smu\\szvcnxjx2o3ea_92pnf.ods.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\y-GP 4d2ufj1t1Q8BO.xlsx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\y-gp 4d2ufj1t1q8bo.xlsx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\2eXJAztyYmvvQ\\eVSTo2lZP Wdy7GN.doc.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\2exjaztyymvvq\\evsto2lzp wdy7gn.doc.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\2eXJAztyYmvvQ\\mS4m0NY7CUhf.docx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\2exjaztyymvvq\\ms4m0ny7cuhf.docx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\2eXJAztyYmvvQ\\XrBuw45rasubttu.odp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\2exjaztyymvvq\\xrbuw45rasubttu.odp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\2eXJAztyYmvvQ\\zbt 1EdBZB.csv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\2exjaztyymvvq\\zbt 1edbzb.csv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\Gr2Zxvd.ots.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\gr2zxvd.ots.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\IP7roZ19.ots.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\ip7roz19.ots.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\qVfwJx7xAD.csv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\qvfwjx7xad.csv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\xuMNmaAQwzS.odt.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\xumnmaaqwzs.odt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\yk_ykl4\\y8Dt5yt-qFapkL0CAmn.rtf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\yk_ykl4\\y8dt5yt-qfapkl0camn.rtf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Documents\\zQ2RNryyQvoJvOOlXhWv.docx.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\documents\\zq2rnryyqvojvoolxhwv.docx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\fNbs43ibSVs.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\fnbs43ibsvs.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\oIfHXR2mpe7ee2Nsv 4.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\oifhxr2mpe7ee2nsv 4.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\rHf-1nu.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\rhf-1nu.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\T-7wzx6ySIXcZz.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\t-7wzx6ysixczz.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\5NChLZgIqlXt\\UafU.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\5nchlzgiqlxt\\uafu.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\e8jkSa\\xghTLw90Cf1QZ5.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\e8jksa\\xghtlw90cf1qz5.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\e8jkSa\\Yao_HXWP.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\e8jksa\\yao_hxwp.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\e8jkSa\\Ymssxu72LfvGM.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\e8jksa\\ymssxu72lfvgm.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\HijnMp4jD.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\hijnmp4jd.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\OGnlmvN61P.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\ognlmvn61p.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Q2-4.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\q2-4.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\RefPD1CxYRt5f\\7OmvA6Oj54HnGnXR.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\refpd1cxyrt5f\\7omva6oj54hngnxr.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\RefPD1CxYRt5f\\NlFstO.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\refpd1cxyrt5f\\nlfsto.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\RefPD1CxYRt5f\\nUZfgOp3Di0KuKreL.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\refpd1cxyrt5f\\nuzfgop3di0kukrel.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\RefPD1CxYRt5f\\y4zEZYY.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\refpd1cxyrt5f\\y4zezyy.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Smjrlot\\1 VB53\\IKWXe_gF5Yuhj.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\smjrlot\\1 vb53\\ikwxe_gf5yuhj.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Smjrlot\\1 VB53\\Ill9aA7yaQL1EfF2s3.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\smjrlot\\1 vb53\\ill9aa7yaql1eff2s3.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Smjrlot\\7m-0Y.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\smjrlot\\7m-0y.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\Smjrlot\\XZ8M.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\smjrlot\\xz8m.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\0kabWvjicpBJ0xsd.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\0kabwvjicpbj0xsd.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\4a e.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\4a e.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\DdwfuJCNVR.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\ddwfujcnvr.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\kur6uO2BY_qE5Uul.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\kur6uo2by_qe5uul.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\PIeLdzmNCBfzZZL.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\pieldzmncbfzzzl.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\T0U3EmSD\\Y-a5-Y5Z2Bd1xmD32cHW.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\t0u3emsd\\y-a5-y5z2bd1xmd32chw.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\22j3l8d5gwBlYb.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\22j3l8d5gwblyb.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\HK_SRBXCNwo6hKv3Yib.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\hk_srbxcnwo6hkv3yib.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\KtCdK3LGr9KL.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\ktcdk3lgr9kl.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\sOg89QCB_MYsMq.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\sog89qcb_mysmq.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\TrUGiHFGXsM_7X.wav.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\trugihfgxsm_7x.wav.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\xX723ly.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\xx723ly.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\YpQES.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\ypqes.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\yWYXQBe8hOW.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\ywyxqbe8how.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\ZHBVSc7E1Gs.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\zhbvsc7e1gs.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\UmYv\\_gco.m4a.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\umyv\\_gco.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Music\\v3kq.mp3.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\music\\v3kq.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\ntuser.ini.GDCB", "hashes": [ { "md5_hash": "5311bfb29d17a6f43408b9ba889c684d", "sha1_hash": "4886bd5d287310cc988664b2b1c71ea4450bada2", "sha256_hash": "c5caf30250e61f4947d76f63620c2356341ff52983d9982e885ba4fc8a13e7bf", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\ntuser.ini.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\0qcuk3G0.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\0qcuk3g0.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\5j6qWl.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\5j6qwl.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\7- q0PatGd\\pG1qS.bmp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\7- q0patgd\\pg1qs.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\FaqWpPUQVtLKuYdk9BQ4.bmp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\faqwppuqvtlkuydk9bq4.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\F_TF-DzzJpMT.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\f_tf-dzzjpmt.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\jyOHRPQ6E1yOr.png.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\jyohrpq6e1yor.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\Sl5l.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\sl5l.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\2OkDu2NHm-7zk1T.bmp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\2okdu2nhm-7zk1t.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\G5FnSYH55eBrRD_erFyF.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\g5fnsyh55ebrrd_erfyf.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\kSYHI_Wa9bfsyy-Z.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\ksyhi_wa9bfsyy-z.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\kvL5uOocTiCI S__fRu.png.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\kvl5uooctici s__fru.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\lmzNuu.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\lmznuu.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\MW5Jvk.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\mw5jvk.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\T21W3FSXJ7JpSCXp.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\t21w3fsxj7jpscxp.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\WjNoxg.bmp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\wjnoxg.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\tlE6ao_mfe1zAPU\\wr XEQqTY.bmp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\tle6ao_mfe1zapu\\wr xeqqty.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZgA4eFUdQ2ea\\gqOFi.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zga4efudq2ea\\gqofi.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZgA4eFUdQ2ea\\OukrMDnEpoe.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zga4efudq2ea\\oukrmdnepoe.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZgA4eFUdQ2ea\\RorB-_IDA6hQ.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zga4efudq2ea\\rorb-_ida6hq.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZgA4eFUdQ2ea\\U53LX.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zga4efudq2ea\\u53lx.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\4o-7px\\ZH eoon3PUL.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\4o-7px\\zh eoon3pul.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\ArQS.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\arqs.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\bemI0XiX.png.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\bemi0xix.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\7dro.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\7dro.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\CJbH8HUSxEjPL.bmp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\cjbh8husxejpl.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\ku4nJ2ON.png.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\ku4nj2on.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\xxlpD7In_.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\xxlpd7in_.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\M53SLY\\yx09evjd3tm-ElFRU4jJ.png.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\m53sly\\yx09evjd3tm-elfru4jj.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\0 Bsa-pMwMwujfrg6E.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\0 bsa-pmwmwujfrg6e.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\E6gQJw oI-snc.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\e6gqjw oi-snc.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\ea9JJ.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\ea9jj.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\ig6hjLi-OP4x R.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\ig6hjli-op4x r.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\LXuzoE1qcv.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\lxuzoe1qcv.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\SVN91cv_iHYxat.gif.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\svn91cv_ihyxat.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\Tg7hEW3R70Mvw.bmp.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\tg7hew3r70mvw.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Pictures\\S-M7mZ Js\\YK5YSXrT6pdJC.jpg.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\pictures\\s-m7mz js\\yk5ysxrt6pdjc.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\0UtXt7xPb0GNpKjh.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\0utxt7xpb0gnpkjh.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\2TGN8j_vaZgksKT.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\2tgn8j_vazgkskt.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\bGoaUzmEXEhDXqBYf1.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\bgoauzmexehdxqbyf1.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\dUrCm0.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\durcm0.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\JOfdh4o6jslX.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\jofdh4o6jslx.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\8BQk0ewUYfCpH5.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\8bqk0ewuyfcph5.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\0RdiLe2R39_-D0kBjV.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\0rdile2r39_-d0kbjv.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\0EsxwfGpf\\Fz8jhnIlC8sC7y.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\0esxwfgpf\\fz8jhnilc8sc7y.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\0EsxwfGpf\\IviMqpQIe2jIpP9 D.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\0esxwfgpf\\ivimqpqie2jipp9 d.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\0EsxwfGpf\\tgUnQFz.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\0esxwfgpf\\tgunqfz.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\0EsxwfGpf\\thXC6nEZL.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\0esxwfgpf\\thxc6nezl.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\aFOzj3YZTHvF\\XSzYOqMEGXWZId3aDzM\\b- AWKoK.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\afozj3yzthvf\\xszyoqmegxwzid3adzm\\b- awkok.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\fh_ElomWjB6mGEzzsu.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\fh_elomwjb6mgezzsu.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\I3rvC2fJE74Sn F44.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\i3rvc2fje74sn f44.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\M VM-W8ibnNtUjYzZy1\\vqbM3wDvneErr8cJ.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\m vm-w8ibnntujyzzy1\\vqbm3wdvneerr8cj.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\1rMkargVi\\QJlL7y9JmXDRLc6Ro.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\1rmkargvi\\qjll7y9jmxdrlc6ro.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\kOjmvhiL2 9M.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\kojmvhil2 9m.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\mtUuOvxK7w98mX.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\mtuuovxk7w98mx.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\ppRS2\\iJXfQ.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\pprs2\\ijxfq.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\ppRS2\\wuSgr.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\pprs2\\wusgr.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\XwhtYRwYJqMJuVCzK.swf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\xwhtyrwyjqmjuvczk.swf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\6z- of0Ate9fxiX14.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\6z- of0ate9fxix14.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\o6UX2DM3DI2N.swf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\o6ux2dm3di2n.swf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\gKHCm2fwtZ_xFQId52k.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\gkhcm2fwtz_xfqid52k.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\AThZQX4 Xqy.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\athzqx4 xqy.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\dWY3im-Jv_\\1Ff1pR_1.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\dwy3im-jv_\\1ff1pr_1.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\dWY3im-Jv_\\i25MLe9kC22ViMDQq.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\dwy3im-jv_\\i25mle9kc22vimdqq.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\GlwDigP8Jjnd5uC g.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\glwdigp8jjnd5uc g.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\LsUd7T_9uN5u1inV_P.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\lsud7t_9un5u1inv_p.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\oY42r84BASg5Iqj_WyZI.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\oy42r84basg5iqj_wyzi.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\q_rurk5jw-eBsu1expVq.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\q_rurk5jw-ebsu1expvq.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\tV 10V8P8Hh2UG.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\tv 10v8p8hh2ug.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\tIZlz3oLFvDkmXZ\\xXr5-.swf.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\tizlz3olfvdkmxz\\xxr5-.swf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\OKsE\\vuAolxdGJNBdv7Qy.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\okse\\vuaolxdgjnbdv7qy.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\ppTk R5o9qfrpMwcdZ.avi.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\pptk r5o9qfrpmwcdz.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\sM-RZdXy7IpWC_.mkv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\sm-rzdxy7ipwc_.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\sq-y33jTJDe8y5s5Pm.flv.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\sq-y33jtjde8y5s5pm.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Users\\CIiHmnxMn6Ps\\Videos\\YctSMdD9\\vokX63XlsbhJHT0r.mp4.GDCB", "hashes": [], "norm_filename": "c:\\users\\ciihmnxmn6ps\\videos\\yctsmdd9\\vokx63xlsbhjht0r.mp4.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Windows\\system32", "hashes": [], "norm_filename": "c:\\windows\\system32", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\IconCacheRdr.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\IconCacheRdr65536.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr65536.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\UserCache.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\usercache.bin", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Temp\\CalendarCache.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\temp\\calendarcache.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USS.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\uss.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USStmp.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\usstmp.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\GameDVR\\KnownGameList.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gamedvr\\knowngamelist.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Visio\\content16.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\visio\\content16.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\UsrClass.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\usrclass.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\-369M1WtPTX1gbG.flv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\-369m1wtptx1gbg.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\2VKr21JCYqf.m4a", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\2vkr21jcyqf.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\7Myiu18iTn_ngVPG0Kx.flv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\7myiu18itn_ngvpg0kx.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\7_RurxYXMq2BTCtqr.mp3", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\7_rurxyxmq2btctqr.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\9NNryomG21wNwN.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\9nnryomg21wnwn.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\AdobeARM.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\adobearm.log", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\ArmUI.ini", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\armui.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\fY0zS5d.rtf", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\fy0zs5d.rtf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\GyoubGx88PJkao Y.mp3", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\gyoubgx88pjkao y.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\hVvFtKteq1q.mp3", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\hvvftkteq1q.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\jdLA6osJ6x3cyku_75S.avi", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\jdla6osj6x3cyku_75s.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\L0CGgz.mkv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\l0cggz.mkv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\LHNIWSJ-20171110-1726.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\lhniwsj-20171110-1726.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\MlXrhRSyH8OOfz222Dl_.pps", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\mlxrhrsyh8oofz222dl_.pps", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\NbT tZY4nGK-NKUC.mkv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nbt tzy4ngk-nkuc.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\NBtZJjP_xEPhcceVV8.m4a", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nbtzjjp_xephccevv8.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\nmK9pn0EeDdRWu.xlsx", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nmk9pn0eeddrwu.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\o h1B4ZQMyLmEA.ods", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\o h1b4zqmylmea.ods", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\pEYv.bmp", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\peyv.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\psXl 1.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\psxl 1.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\P_IZ n5ZsYEU.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\p_iz n5zsyeu.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\u 7QTCnd.flv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\u 7qtcnd.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\UwUP52bZ.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\uwup52bz.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\XFNO_BFGg.m4a", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xfno_bfgg.m4a", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\XPAz2BfWzJmuIx.mkv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xpaz2bfwzjmuix.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\Y5q_iSG1AAFgs9Oxw7.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\y5q_isg1aafgs9oxw7.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\YRyrD_tRBHdMGD-Z.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\yryrd_trbhdmgd-z.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\YX5UQJjrwszF5k.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\yx5uqjjrwszf5k.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Temp\\CalendarCache.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\temp\\calendarcache.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USS.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\uss.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USStmp.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\usstmp.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\crashpad\\settings.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\previews_opt_out.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0\\UsageLogs\\WINPROJ.EXE.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v2.0\\usagelogs\\winproj.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\ngen.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\ngen.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\mmc.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\mmc.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\NGenTask.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\ngentask.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\powershell.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\powershell.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\sdiagnhost.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\sdiagnhost.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\ngen.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\ngen.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\UsageLogs\\NGenTask.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\usagelogs\\ngentask.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\GameDVR\\KnownGameList.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gamedvr\\knowngamelist.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\brndlog.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\brndlog.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-ClearIconCache.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-cleariconcache.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-UserConfig.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-userconfig.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\excel.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\excel.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officec2rclient.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officec2rclient.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officeclicktorun.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officeclicktorun.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\onenote.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\onenote.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\outlook.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\outlook.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\powerpnt.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\powerpnt.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\setup.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\setup.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\setup64.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\setup64.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\visio.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\visio.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\winproj.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\winproj.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\winword.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\winword.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplaylogo.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\ExclusionList.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\exclusionlist.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\alertIcon.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\alerticon.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\appblue.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\appwhite.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappblue.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappwhite.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\Error.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\error.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ErrorPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\errorpage.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\LoadingPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\loadingpage.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\OneDriveLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\onedrivelogo.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaCritical.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotacritical.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaError.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotaerror.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaNearing.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotanearing.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ScreenshotOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\screenshotoptin.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\TestSharePage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\testsharepage.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ThirdPartyNotices.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\thirdpartynotices.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\Warning.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\warning.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\alertIcon.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\alerticon.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cache\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\Cookie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Acrobat\\DC\\ToolsSearchCacheRdr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\AcroCef\\DC\\Acrobat\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\Color\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\color\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Adobe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\adobe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\CEF\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\cef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoftedge\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\PeerDistRepub\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\peerdistrepub\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Publishers\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\publishers\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\VirtualStore\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\virtualstore\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\CEF\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\cef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\CEF\\User Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\cef\\user data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\CEF\\User Data\\Dictionaries\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\cef\\user data\\dictionaries\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Temp\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\temp\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistore\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\CrashReports\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\crashreports\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\low\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\History.IE5\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\low\\history.ie5\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v2.0\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\credentials\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Event Viewer\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\event viewer\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\FORMS\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\forms\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\GameDVR\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gamedvr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\InputPersonalization\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\inputpersonalization\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\OTele\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\otele\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Outlook\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\outlook\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Outlook\\Gliding\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\outlook\\gliding\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\PlayReady\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\playready\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\TaskSchedulerConfig\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\taskschedulerconfig\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\TokenBroker\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\tokenbroker\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Vault\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\vault\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Vault\\4BF4C442-9B8A-41A0-B380-DD4A704DDB28\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\vault\\4bf4c442-9b8a-41a0-b380-dd4a704ddb28\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Vault\\UserProfileRoaming\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\vault\\userprofileroaming\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Visio\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\visio\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\0\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\0\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\1024\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\1024\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\1033\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\1033\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\AppCache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\appcache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Application Shortcuts\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\application shortcuts\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Burn\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\burn\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\GameExplorer\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\gameexplorer\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\History\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\history\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\IECompatCache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\iecompatcache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\IECompatUaCache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\iecompatuacache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\IEDownloadHistory\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\iedownloadhistory\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PowerShell\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\powershell\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Ringtones\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\ringtones\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\RoamingTiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\roamingtiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\shell\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Temporary Internet Files\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\temporary internet files\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Windows Anytime Upgrade\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\windows anytime upgrade\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WinX\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\winx\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Live\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows live\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoftedge\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoftedge\\sharedcachecontainers\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\User\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoftedge\\user\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\updates\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\updates\\E7CF176E110C211B\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\updates\\e7cf176e110c211b\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.3DBuilder_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.3dbuilder_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.aad.brokerplugin_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.AccountsControl_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.accountscontrol_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Appconnector_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.appconnector_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingFinance_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingfinance_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingNews_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingnews_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingSports_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingsports_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingWeather_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingweather_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BioEnrollment_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bioenrollment_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.getstarted_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.LockApp_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.lockapp_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftofficehub_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.net.native.framework.1.0_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.net.native.runtime.1.0_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.office.onenote_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.People_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.people_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.vclibs.140.00_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.parentalcontrols_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.shellexperiencehost_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsAlarms_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsalarms_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsCalculator_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscalculator_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsFeedback_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsfeedback_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.xboxidentityprovider_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.ZuneMusic_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.zunemusic_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.ZuneVideo_8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.zunevideo_8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.ContactSupport_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.contactsupport_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\windows.devicesflow_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.devicesflow_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\windows.immersivecontrolpanel_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.immersivecontrolpanel_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.MiracastView_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.miracastview_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.PrintDialog_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.printdialog_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.PurchaseDialog_cw5n1h2txyewy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.purchasedialog_cw5n1h2txyewy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\windows_ie_ac_001\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows_ie_ac_001\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\PeerDistRepub\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\peerdistrepub\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Publishers\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\publishers\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Publishers\\8wekyb3d8bbwe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\publishers\\8wekyb3d8bbwe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\VirtualStore\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\virtualstore\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\CEF\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\cef\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\CEF\\User Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\cef\\user data\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\CEF\\User Data\\Dictionaries\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\cef\\user data\\dictionaries\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Temp\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\temp\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Unistore\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistore\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\CertificateTransparency\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\certificatetransparency\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Crashpad\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\crashpad\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Crashpad\\reports\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\crashpad\\reports\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\databases\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\databases\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\data_reduction_proxy_leveldb\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extension Rules\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extension rules\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extension State\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extension state\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\IndexedDB\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\indexeddb\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIcons\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\jumplisticons\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\JumpListIconsOld\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\jumplisticonsold\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Extension Settings\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\local extension settings\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Local Storage\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\local storage\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Service Worker\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\service worker\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Session Storage\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\session storage\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\sync extension settings\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Web Applications\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\web applications\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\EVWhitelist\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\evwhitelist\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\FileTypePolicies\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\filetypepolicies\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\OriginTrials\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\origintrials\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\PepperFlash\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\pepperflash\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\pnacl\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\pnacl\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\SSLErrorAssistant\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\sslerrorassistant\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Subresource Filter\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\subresource filter\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\SwReporter\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\swreporter\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\WidevineCdm\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\widevinecdm\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\CrashReports\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\crashreports\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\History.IE5\\MSHist012018012720180128\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\history.ie5\\mshist012018012720180128\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\low\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\History\\Low\\History.IE5\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\history\\low\\history.ie5\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v2.0\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0\\UsageLogs\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v2.0\\usagelogs\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\UsageLogs\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\usagelogs\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Credentials\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\credentials\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Event Viewer\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\event viewer\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds\\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds\\{5588acfd-6436-411b-a5ce-666ae6a92d3d}~\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\6YGNCJW8\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\6ygncjw8\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\FZW2QEOY\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\fzw2qeoy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\O593F7EE\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\o593f7ee\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Feeds Cache\\PJ5H3B54\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\feeds cache\\pj5h3b54\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\FORMS\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\forms\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\GameDVR\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gamedvr\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\InputPersonalization\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\inputpersonalization\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\InputPersonalization\\TrainedDataStore\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\inputpersonalization\\traineddatastore\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DomainSuggestions\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domainsuggestions\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\EmieBrowserModeList\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\emiebrowsermodelist\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\EmieSiteList\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\emiesitelist\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\EmieUserList\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\emieuserlist\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\iecompatdata\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IEFlipAheadCache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ieflipaheadcache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\imagestore\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\imagestore\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\recovery\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\TabRoaming\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\tabroaming\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\tiles\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\tiles\\pin-314712940\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin7226654530\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\tiles\\pin7226654530\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tracking Protection\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\tracking protection\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\versionmanager\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Sync Playlists\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\sync playlists\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Media Player\\Transcoded Files Cache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\media player\\transcoded files cache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\BackstageInAppNavCache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\backstageinappnavcache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\WebServiceCache\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\webservicecache\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\Wef\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\wef\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\Wef\\AppCommands\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\wef\\appcommands\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\OTele\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\otele\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\gdcb-decrypt.txt", "operations": [ "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\is\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\is\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\it\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\it\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\ja\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\ja\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\af\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\af\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\am-et\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\am-et\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\amd64\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\amd64\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ar\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ar\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\as-in\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\as-in\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\az-latn-az\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\az-latn-az\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\be\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\be\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\bg\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\bg\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\bn-bd\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\bn-bd\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\bn-in\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\bn-in\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\bs-latn-ba\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\bs-latn-ba\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ca\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ca\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ca-es-valencia\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ca-es-valencia\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\cs\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\cs\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\cy-gb\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\cy-gb\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\da\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\da\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\de\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\de\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\el\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\el\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\en\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\en\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\en-gb\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\en-gb\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\es\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\es\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\et\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\et\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\eu\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\eu\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\fa\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\fa\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\fi\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\fi\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\fil-ph\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\fil-ph\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\fr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\fr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ga-ie\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ga-ie\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\gd\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\gd\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\gd-latn\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\gd-latn\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\gl\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\gl\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\gu\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\gu\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ha-latn-ng\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ha-latn-ng\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\he\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\he\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\hi\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\hi\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\hr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\hr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\hu\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\hu\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\hy\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\hy\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\id\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\id\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ig-ng\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ig-ng\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\imageformats\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\imageformats\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\is\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\is\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\it\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\it\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ja\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ja\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ka\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ka\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\kk\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\kk\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\km-kh\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\km-kh\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\kn\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\kn\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ko\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ko\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\kok\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\kok\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ku-arab\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ku-arab\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ky\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ky\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\lb-lu\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\lb-lu\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\lt\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\lt\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\lv\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\lv\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\mi-nz\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\mi-nz\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\mk\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\mk\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ml-in\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ml-in\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\mn\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\mn\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\mr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\mr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ms\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ms\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\mt-mt\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\mt-mt\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\nb-no\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\nb-no\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ne-np\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ne-np\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\nl\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\nl\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\nn-no\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\nn-no\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\nso-za\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\nso-za\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\or-in\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\or-in\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\pa\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\pa\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\pa-arab\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\pa-arab\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\pa-arab-pk\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\pa-arab-pk\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\pl\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\pl\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\platforms\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\platforms\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\prs-af\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\prs-af\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\pt-br\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\pt-br\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\pt-pt\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\pt-pt\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\qml\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\qml\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\qut-latn\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\qut-latn\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\quz-pe\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quz-pe\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ro\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ro\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ru\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ru\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\rw\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\rw\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\scenegraph\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\scenegraph\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sd-arab\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sd-arab\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sd-arab-pk\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sd-arab-pk\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\si-lk\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\si-lk\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sk\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sk\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sl\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sl\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sq\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sq\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sr-cyrl-ba\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sr-cyrl-ba\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sr-cyrl-rs\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sr-cyrl-rs\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sr-latn-rs\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sr-latn-rs\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sv\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sv\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\sw\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\sw\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ta\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ta\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\te\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\te\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\tg\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\tg\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\tg-cyrl\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\tg-cyrl\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\th\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\th\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ti\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ti\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\tk-tm\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\tk-tm\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\tn-za\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\tn-za\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\tr\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\tr\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\tt\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\tt\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ug\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ug\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ug-arab\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ug-arab\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\uk\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\uk\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ur\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\ur\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\uz-latn-uz\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\uz-latn-uz\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\vi\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\vi\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\wo\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\wo\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\xh-za\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\xh-za\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\yo-ng\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\yo-ng\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\zh-cn\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\zh-cn\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\zh-tw\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\zh-tw\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\zu-za\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\zu-za\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\adm\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\adm\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\af\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\af\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\am-et\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\am-et\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\amd64\\\\GDCB-DECRYPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\amd64\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\appblue.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorblue.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorwhite.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\appwhite.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ElevatedAppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\elevatedappblue.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ElevatedAppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\elevatedappwhite.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\error.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\errorpage.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\LoadingPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\loadingpage.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\OneDriveLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\onedrivelogo.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaCritical.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotacritical.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaError.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotaerror.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaNearing.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotanearing.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ScreenshotOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\screenshotoptin.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\TestSharePage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\testsharepage.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ThirdPartyNotices.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\thirdpartynotices.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\Warning.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\warning.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_121120_934-848.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_121120_934-848.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_121121_d68-ddc.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_121121_d68-ddc.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_123817_760-808.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_123817_760-808.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_123818_e38-824.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_123818_e38-824.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_133220_864-704.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_133220_864-704.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_133220_ae0-29c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_133220_ae0-29c.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install-PerUser_2017-05-24_104601_b30-494.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install-peruser_2017-05-24_104601_b30-494.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install-PerUser_2017-07-12_164141_b14-7f0.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install-peruser_2017-07-12_164141_b14-7f0.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install-PerUser_2017-11-10_161058_b2c-b34.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install-peruser_2017-11-10_161058_b2c-b34.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-05-24_104600_528-57c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-05-24_104600_528-57c.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-07-12_164138_904-4d0.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-07-12_164138_904-4d0.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-11-10_161055_b54-c0c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-11-10_161055_b54-c0c.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-12_164130_2e0-2c8.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-13_111425_fe4-f74.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-13_111425_fe4-f74.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-14_075507_d98-d94.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-14_075507_d98-d94.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-19_092447_b70-3a8.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-19_092447_b70-3a8.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-21_115555_e74-e78.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-21_115555_e74-e78.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-11-10_161047_cc8-42c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-11-10_161047_cc8-42c.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000000.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000000.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000001.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000001.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000004.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000004.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000005.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000005.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000006.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000006.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000007.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000007.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000008.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000008.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000009.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000009.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000C.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000c.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000D.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000d.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000F.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000f.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000G.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000g.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000H.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000h.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000I.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000i.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000J.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000j.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000L.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000l.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000M.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000m.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000N.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000n.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000O.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000o.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000P.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000p.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000Q.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000q.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000R.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000r.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000S.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000s.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000T.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000t.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000U.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000u.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000V.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000v.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000010.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000010.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000011.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000011.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000012.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000012.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000013.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000013.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000014.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000014.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000015.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000015.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000016.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000016.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000017.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000017.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000018.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000018.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003K.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003k.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003L.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003l.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003M.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003m.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003N.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003n.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000048.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000048.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000004U.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000004u.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Visio\\content16.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\visio\\content16.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\1033\\structuredqueryschema.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\cversions.1.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\cversions.1.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\cversions.3.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\cversions.3.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{2546D910-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{2546d910-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000033.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000033.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000034.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000034.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000035.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000012.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_1280.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_1280.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_16.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_16.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_1920.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_1920.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_256.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_256.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_2560.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_2560.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_32.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_32.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_48.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_48.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_768.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_768.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_96.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_96.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_custom_stream.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_exif.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_exif.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_idx.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_idx.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_sr.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_sr.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_wide.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_wide.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_16.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_16.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_256.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_256.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_32.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_32.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_48.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_48.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_idx.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_idx.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\counters.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\counters.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Low\\SmartScreenCache.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\low\\smartscreencache.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Low\\SuggestedSites.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\low\\suggestedsites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\0I8MI595.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\0i8mi595.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\8489XH4E.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\8489xh4e.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\8JC8NM7O.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\8jc8nm7o.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\0GHTMU6X.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\0ghtmu6x.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\0MDKR34W.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\0mdkr34w.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\0Z1JIEVI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\0z1jievi.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\16DOE15M.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\16doe15m.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\16Y0X4V7.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\16y0x4v7.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1L3KU69N.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1l3ku69n.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1LFQZEOH.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1lfqzeoh.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1LLUY7B7.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1lluy7b7.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1UYN2RFY.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1uyn2rfy.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\23JC2UTD.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\23jc2utd.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\2EQ4E2OJ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\2eq4e2oj.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\2HYILE1O.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\2hyile1o.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\3RW4K76X.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\3rw4k76x.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\3VVSZ2CO.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\3vvsz2co.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4MN240WN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4mn240wn.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4O6583I0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4o6583i0.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4YWCPPXN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4ywcppxn.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4Z6UDYLY.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4z6udyly.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5AFMRGRY.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5afmrgry.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5ARQYMIV.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5arqymiv.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5AV8L20N.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5av8l20n.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5NWXN3UI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5nwxn3ui.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5STJ6NZL.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5stj6nzl.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5TAY54V0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5tay54v0.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5WQEGNKI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5wqegnki.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\66I0OJL8.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\66i0ojl8.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\80J4IH0Y.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\80j4ih0y.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\8FFCGS26.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\8ffcgs26.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9ABR37NL.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9abr37nl.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9IJPMFHZ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9ijpmfhz.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9M7ZHW1Q.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9m7zhw1q.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9XACNSYG.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9xacnsyg.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9Z1Y5ICI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9z1y5ici.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\A0RK8A2H.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\a0rk8a2h.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\AA2IJ7JU.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\aa2ij7ju.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\B427TFXJ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\b427tfxj.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\BK4HNAZ1.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\bk4hnaz1.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\CC7DS78R.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\cc7ds78r.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\CDGOWO27.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\cdgowo27.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\CYHYO8JD.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\cyhyo8jd.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\D9QO3KHK.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\d9qo3khk.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\DN8YUCVA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\dn8yucva.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\DQI7WAG8.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\dqi7wag8.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\DRDF2EZX.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\drdf2ezx.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\E2KPI4ZI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\e2kpi4zi.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\E978TFRK.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\e978tfrk.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\F68MFAMN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\f68mfamn.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FCGXHIFT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\fcgxhift.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FGTTES1V.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\fgttes1v.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FLTMVY1F.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\fltmvy1f.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FOLSAQT6.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\folsaqt6.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\GXB342YS.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\gxb342ys.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\H5LCJX1B.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\h5lcjx1b.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\HBPP9XXY.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\hbpp9xxy.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\HF8F6LU0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\hf8f6lu0.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\HTVL5WIW.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\htvl5wiw.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\ILF13HLB.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ilf13hlb.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\ISTFXHHR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\istfxhhr.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\ITD4OUAR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\itd4ouar.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\J4JSQG9R.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\j4jsqg9r.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\JQOCYKOH.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\jqocykoh.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\JWFWLAYR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\jwfwlayr.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\K8249Y1G.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\k8249y1g.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\KNJ4AJDH.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\knj4ajdh.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\L78EW25D.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\l78ew25d.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LC10XEWL.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\lc10xewl.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LVARU12Y.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\lvaru12y.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LY1NFEKN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ly1nfekn.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LY3FDU65.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ly3fdu65.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\M19117WZ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\m19117wz.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MA5WDFBR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ma5wdfbr.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MBJX4MYA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mbjx4mya.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MCAKE788.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mcake788.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MIL4MU1S.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mil4mu1s.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MM8KB9U2.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mm8kb9u2.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MMPF10F4.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mmpf10f4.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MOE7DCQU.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\moe7dcqu.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\NEHE4KDB.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\nehe4kdb.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\NOCAHPZ6.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\nocahpz6.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\NYCCG1AV.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\nyccg1av.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\O8FFFI2K.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\o8fffi2k.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\P778SMC9.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\p778smc9.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\PF9HBAFQ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\pf9hbafq.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\PK3I34UV.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\pk3i34uv.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\QUMCK8L4.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\qumck8l4.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RAYRHE6Z.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\rayrhe6z.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RQK5QF4L.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\rqk5qf4l.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RTEPN67M.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\rtepn67m.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RYK7X1K4.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ryk7x1k4.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\S0EK69P5.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\s0ek69p5.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\SEVCUJM3.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\sevcujm3.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\STGOZ493.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\stgoz493.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\T1LCPPSA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\t1lcppsa.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\TCXQPY9L.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\tcxqpy9l.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\TEW946CI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\tew946ci.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\TFCJHLEI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\tfcjhlei.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\U2OYIS47.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\u2oyis47.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\U8FCPAKJ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\u8fcpakj.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UBUPNOZC.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ubupnozc.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UBXQG39X.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ubxqg39x.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UGL14QS0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ugl14qs0.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UUEVXDWP.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\uuevxdwp.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\V7NNCJHO.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\v7nncjho.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\VD3GM2DA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\vd3gm2da.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\WPEXKTDV.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\wpexktdv.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\WUT8M1Q8.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\wut8m1q8.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\WX75TEOR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\wx75teor.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\XRS5D0N2.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\xrs5d0n2.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\XUAUK5R0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\xuauk5r0.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\Y1I415YS.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\y1i415ys.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\Y3XU5OKR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\y3xu5okr.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\OOUVZSZN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\oouvzszn.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\TIGZFGLM.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\tigzfglm.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\XNW1G0SM.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\xnw1g0sm.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Z3FJF3OM.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\z3fjf3om.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\appdb.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\appdb.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell\\DefaultLayouts.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\shell\\defaultlayouts.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\UsrClass.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\usrclass.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\V01.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\v01.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\V010002A.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\v010002a.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\V010002B.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\v010002b.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\V01tmp.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\v01tmp.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\WebCacheV01.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\webcachev01.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\settings.ini", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\settings.ini", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\-369M1WtPTX1gbG.flv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\-369m1wtptx1gbg.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\2VKr21JCYqf.m4a", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\2vkr21jcyqf.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\7Myiu18iTn_ngVPG0Kx.flv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\7myiu18itn_ngvpg0kx.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\7_RurxYXMq2BTCtqr.mp3", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\7_rurxyxmq2btctqr.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\9NNryomG21wNwN.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\9nnryomg21wnwn.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\AdobeARM.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\adobearm.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\fY0zS5d.rtf", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\fy0zs5d.rtf", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\GyoubGx88PJkao Y.mp3", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\gyoubgx88pjkao y.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\hVvFtKteq1q.mp3", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\hvvftkteq1q.mp3", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\jdLA6osJ6x3cyku_75S.avi", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\jdla6osj6x3cyku_75s.avi", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\L0CGgz.mkv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\l0cggz.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\LHNIWSJ-20171110-1726.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\lhniwsj-20171110-1726.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\MlXrhRSyH8OOfz222Dl_.pps", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\mlxrhrsyh8oofz222dl_.pps", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\NbT tZY4nGK-NKUC.mkv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nbt tzy4ngk-nkuc.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\NBtZJjP_xEPhcceVV8.m4a", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nbtzjjp_xephccevv8.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\nmK9pn0EeDdRWu.xlsx", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nmk9pn0eeddrwu.xlsx", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\o h1B4ZQMyLmEA.ods", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\o h1b4zqmylmea.ods", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\psXl 1.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\psxl 1.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\P_IZ n5ZsYEU.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\p_iz n5zsyeu.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\u 7QTCnd.flv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\u 7qtcnd.flv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\UwUP52bZ.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\uwup52bz.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\XFNO_BFGg.m4a", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xfno_bfgg.m4a", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\XPAz2BfWzJmuIx.mkv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xpaz2bfwzjmuix.mkv", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\Y5q_iSG1AAFgs9Oxw7.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\y5q_isg1aafgs9oxw7.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\YRyrD_tRBHdMGD-Z.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\yryrd_trbhdmgd-z.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\YX5UQJjrwszF5k.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\yx5uqjjrwszf5k.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\counters.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\counters.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\SmartScreenCache.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\smartscreencache.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\SuggestedSites.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\suggestedsites.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\EDB.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\edb.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\EDB00004.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\edb00004.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\EDBtmp.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\edbtmp.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\vedatamodel.edb", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\vedatamodel.edb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\crashpad\\settings.dat", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\databases\\Databases.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\databases\\databases.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extension rules\\000003.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extension state\\000003.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\previews_opt_out.db", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Session Storage\\000004.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\session storage\\000004.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0\\UsageLogs\\WINPROJ.EXE.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v2.0\\usagelogs\\winproj.exe.log", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\mmc.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\mmc.exe.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\NGenTask.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\ngentask.exe.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\powershell.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\powershell.exe.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\sdiagnhost.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\sdiagnhost.exe.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\UsageLogs\\NGenTask.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\usagelogs\\ngentask.exe.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\GameDVR\\KnownGameList.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gamedvr\\knowngamelist.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\brndlog.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\brndlog.txt", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.1", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domainsuggestions\\en-us.1", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\52UK17NV\\www.google[1].xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\52uk17nv\\www.google[1].xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\L8OQST1L\\consent.google[1].xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\l8oqst1l\\consent.google[1].xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-ClearIconCache.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-cleariconcache.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-UserConfig.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-userconfig.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData\\iecompatdata.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\iecompatdata\\iecompatdata.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\imagestore\\sl72e5n\\imagestore.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\imagestore\\sl72e5n\\imagestore.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\RecoveryStore.{63E26EB7-6816-11E7-9BD2-C40142ECDE47}.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\recovery\\last active\\recoverystore.{63e26eb7-6816-11e7-9bd2-c40142ecde47}.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{DAB3814F-C5D5-11E7-9BDA-C40142ECDE47}.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\recovery\\last active\\{dab3814f-c5d5-11e7-9bda-c40142ecde47}.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940\\msapplication.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\tiles\\pin-314712940\\msapplication.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager\\versionlist.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\versionmanager\\versionlist.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\excel.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\excel.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officec2rclient.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officec2rclient.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officeclicktorun.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officeclicktorun.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\onenote.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\onenote.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\outlook.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\outlook.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\powerpnt.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\powerpnt.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\setup.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\setup.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\setup64.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\setup64.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\visio.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\visio.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\winproj.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\winproj.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\winword.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\winword.exe_rules.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplaylogo.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\ExclusionList.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\exclusionlist.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplaylogo.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplayoptin.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplayoptin.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ExclusionList.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\exclusionlist.xml", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\alertIcon.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\alerticon.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\appblue.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\appwhite.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.gif", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappblue.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappwhite.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\Error.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\error.png", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\IconCacheRdr.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\IconCacheRdr65536.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr65536.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\UserCache.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\usercache.bin", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Temp\\CalendarCache.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\temp\\calendarcache.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USS.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\uss.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USStmp.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\usstmp.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\GameDVR\\KnownGameList.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gamedvr\\knowngamelist.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Visio\\content16.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\visio\\content16.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\UsrClass.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\usrclass.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\-369M1WtPTX1gbG.flv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\-369m1wtptx1gbg.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\2VKr21JCYqf.m4a", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\2vkr21jcyqf.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\7Myiu18iTn_ngVPG0Kx.flv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\7myiu18itn_ngvpg0kx.flv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\7_RurxYXMq2BTCtqr.mp3", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\7_rurxyxmq2btctqr.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\9NNryomG21wNwN.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\9nnryomg21wnwn.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\AdobeARM.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\adobearm.log", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\ArmUI.ini", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\armui.ini", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\fY0zS5d.rtf", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\fy0zs5d.rtf", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\GyoubGx88PJkao Y.mp3", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\gyoubgx88pjkao y.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\hVvFtKteq1q.mp3", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\hvvftkteq1q.mp3", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\jdLA6osJ6x3cyku_75S.avi", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\jdla6osj6x3cyku_75s.avi", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\L0CGgz.mkv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\l0cggz.mkv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\LHNIWSJ-20171110-1726.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\lhniwsj-20171110-1726.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\MlXrhRSyH8OOfz222Dl_.pps", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\mlxrhrsyh8oofz222dl_.pps", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\NbT tZY4nGK-NKUC.mkv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nbt tzy4ngk-nkuc.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\NBtZJjP_xEPhcceVV8.m4a", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nbtzjjp_xephccevv8.m4a", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\nmK9pn0EeDdRWu.xlsx", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nmk9pn0eeddrwu.xlsx", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\o h1B4ZQMyLmEA.ods", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\o h1b4zqmylmea.ods", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\pEYv.bmp", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\peyv.bmp", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\psXl 1.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\psxl 1.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\P_IZ n5ZsYEU.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\p_iz n5zsyeu.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\u 7QTCnd.flv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\u 7qtcnd.flv", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\UwUP52bZ.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\uwup52bz.gif", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\XFNO_BFGg.m4a", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xfno_bfgg.m4a", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\XPAz2BfWzJmuIx.mkv", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xpaz2bfwzjmuix.mkv", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\Y5q_iSG1AAFgs9Oxw7.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\y5q_isg1aafgs9oxw7.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\YRyrD_tRBHdMGD-Z.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\yryrd_trbhdmgd-z.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\YX5UQJjrwszF5k.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\yx5uqjjrwszf5k.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Temp\\CalendarCache.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\temp\\calendarcache.dat", "operations": [ "access", "read", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USS.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\uss.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USStmp.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\usstmp.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\crashpad\\settings.dat", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\previews_opt_out.db", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0\\UsageLogs\\WINPROJ.EXE.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v2.0\\usagelogs\\winproj.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\ngen.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\ngen.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\mmc.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\mmc.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\NGenTask.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\ngentask.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\powershell.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\powershell.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\sdiagnhost.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\sdiagnhost.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\ngen.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\ngen.log", "operations": [ "access", "read" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\UsageLogs\\NGenTask.exe.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\usagelogs\\ngentask.exe.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\GameDVR\\KnownGameList.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\gamedvr\\knowngamelist.bin", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\brndlog.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\brndlog.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-ClearIconCache.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-cleariconcache.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-UserConfig.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-userconfig.log", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\excel.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\excel.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officec2rclient.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officec2rclient.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officeclicktorun.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officeclicktorun.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\onenote.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\onenote.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\outlook.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\outlook.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\powerpnt.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\powerpnt.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\setup.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\setup.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\setup64.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\setup64.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\visio.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\visio.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\winproj.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\winproj.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\winword.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\winword.exe_rules.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplaylogo.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\ExclusionList.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\exclusionlist.xml", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\alertIcon.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\alerticon.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\appblue.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\appwhite.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappblue.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappwhite.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\Error.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\error.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ErrorPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\errorpage.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\LoadingPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\loadingpage.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\OneDriveLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\onedrivelogo.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaCritical.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotacritical.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaError.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotaerror.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaNearing.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotanearing.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ScreenshotOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\screenshotoptin.gif", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\TestSharePage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\testsharepage.html", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ThirdPartyNotices.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\thirdpartynotices.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\Warning.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\warning.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\alertIcon.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\alerticon.png", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ErrorPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\errorpage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\cloud.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\cloud.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\folder.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\folder.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\loading.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\loading.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\settings.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\settings.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\LoadingPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\loadingpage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\OneDriveLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\onedrivelogo.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaCritical.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotacritical.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaError.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotaerror.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaNearing.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotanearing.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ScreenshotOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\screenshotoptin.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\TestSharePage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\testsharepage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\Warning.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\warning.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\alertIcon.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\alerticon.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\appblue.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorblue.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorwhite.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\appwhite.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ElevatedAppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\elevatedappblue.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\error.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\errorpage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\blurrect.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\blurrect.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\chevron.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\chevron.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\cloud.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\cloud.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\loading.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\loading.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\settings.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\settings.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\signIn.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\signin.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\LoadingPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\loadingpage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\OneDriveLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\onedrivelogo.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaCritical.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotacritical.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaError.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotaerror.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaNearing.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotanearing.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ScreenshotOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\screenshotoptin.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\TestSharePage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\testsharepage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\Warning.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\warning.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\standaloneupdater\\update.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000000.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000000.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000001.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000001.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000004.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000004.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000005.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000005.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000006.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000006.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000007.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000007.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000008.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000008.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000009.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000009.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000C.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000c.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000D.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000d.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000F.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000f.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000G.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000g.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000H.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000h.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000I.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000i.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000J.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000j.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000L.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000l.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000M.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000m.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000N.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000n.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000O.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000o.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000P.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000p.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000Q.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000q.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000R.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000r.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000S.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000s.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000T.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000t.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000U.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000u.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000V.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000v.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000010.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000010.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000011.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000011.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000012.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000012.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000013.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000013.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000014.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000014.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000015.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000015.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000016.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000016.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000017.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000017.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000018.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000018.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003K.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003k.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003L.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003l.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003M.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003m.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003N.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003n.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000048.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000048.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000004U.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000004u.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\1033\\structuredqueryschema.bin", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\cversions.1.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\cversions.1.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\cversions.3.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\cversions.3.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_1280.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_1280.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_16.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_16.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_1920.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_1920.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_2560.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_2560.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_768.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_768.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_96.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_96.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_custom_stream.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_exif.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_exif.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_sr.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_sr.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_wide.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_wide.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Low\\SmartScreenCache.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\low\\smartscreencache.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Low\\SuggestedSites.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\low\\suggestedsites.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\0I8MI595.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\0i8mi595.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\8489XH4E.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\8489xh4e.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\8JC8NM7O.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\8jc8nm7o.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\0GHTMU6X.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\0ghtmu6x.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\0MDKR34W.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\0mdkr34w.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\0Z1JIEVI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\0z1jievi.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\16DOE15M.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\16doe15m.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\16Y0X4V7.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\16y0x4v7.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1L3KU69N.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1l3ku69n.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1LFQZEOH.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1lfqzeoh.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1LLUY7B7.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1lluy7b7.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1UYN2RFY.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1uyn2rfy.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\23JC2UTD.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\23jc2utd.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\2EQ4E2OJ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\2eq4e2oj.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\2HYILE1O.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\2hyile1o.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\3RW4K76X.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\3rw4k76x.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\3VVSZ2CO.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\3vvsz2co.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4MN240WN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4mn240wn.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4O6583I0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4o6583i0.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4YWCPPXN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4ywcppxn.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4Z6UDYLY.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4z6udyly.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5AFMRGRY.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5afmrgry.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5ARQYMIV.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5arqymiv.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5AV8L20N.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5av8l20n.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5NWXN3UI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5nwxn3ui.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5STJ6NZL.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5stj6nzl.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5TAY54V0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5tay54v0.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5WQEGNKI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5wqegnki.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\66I0OJL8.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\66i0ojl8.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\80J4IH0Y.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\80j4ih0y.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\8FFCGS26.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\8ffcgs26.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9ABR37NL.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9abr37nl.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9IJPMFHZ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9ijpmfhz.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9M7ZHW1Q.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9m7zhw1q.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9XACNSYG.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9xacnsyg.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9Z1Y5ICI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9z1y5ici.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\A0RK8A2H.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\a0rk8a2h.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\AA2IJ7JU.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\aa2ij7ju.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\B427TFXJ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\b427tfxj.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\BK4HNAZ1.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\bk4hnaz1.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\CC7DS78R.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\cc7ds78r.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\CDGOWO27.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\cdgowo27.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\CYHYO8JD.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\cyhyo8jd.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\D9QO3KHK.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\d9qo3khk.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\DN8YUCVA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\dn8yucva.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\DQI7WAG8.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\dqi7wag8.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\DRDF2EZX.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\drdf2ezx.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\E2KPI4ZI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\e2kpi4zi.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\E978TFRK.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\e978tfrk.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\F68MFAMN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\f68mfamn.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FCGXHIFT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\fcgxhift.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FGTTES1V.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\fgttes1v.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FLTMVY1F.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\fltmvy1f.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FOLSAQT6.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\folsaqt6.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\GXB342YS.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\gxb342ys.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\H5LCJX1B.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\h5lcjx1b.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\HBPP9XXY.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\hbpp9xxy.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\HF8F6LU0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\hf8f6lu0.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\HTVL5WIW.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\htvl5wiw.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\ILF13HLB.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ilf13hlb.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\ISTFXHHR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\istfxhhr.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\ITD4OUAR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\itd4ouar.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\J4JSQG9R.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\j4jsqg9r.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\JQOCYKOH.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\jqocykoh.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\JWFWLAYR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\jwfwlayr.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\K8249Y1G.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\k8249y1g.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\KNJ4AJDH.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\knj4ajdh.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\L78EW25D.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\l78ew25d.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LC10XEWL.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\lc10xewl.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LVARU12Y.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\lvaru12y.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LY1NFEKN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ly1nfekn.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LY3FDU65.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ly3fdu65.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\M19117WZ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\m19117wz.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MA5WDFBR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ma5wdfbr.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MBJX4MYA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mbjx4mya.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MCAKE788.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mcake788.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MIL4MU1S.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mil4mu1s.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MM8KB9U2.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mm8kb9u2.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MMPF10F4.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mmpf10f4.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MOE7DCQU.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\moe7dcqu.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\NEHE4KDB.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\nehe4kdb.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\NOCAHPZ6.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\nocahpz6.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\NYCCG1AV.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\nyccg1av.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\O8FFFI2K.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\o8fffi2k.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\P778SMC9.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\p778smc9.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\PF9HBAFQ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\pf9hbafq.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\PK3I34UV.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\pk3i34uv.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\QUMCK8L4.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\qumck8l4.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RAYRHE6Z.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\rayrhe6z.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RQK5QF4L.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\rqk5qf4l.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RTEPN67M.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\rtepn67m.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RYK7X1K4.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ryk7x1k4.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\S0EK69P5.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\s0ek69p5.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\SEVCUJM3.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\sevcujm3.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\STGOZ493.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\stgoz493.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\T1LCPPSA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\t1lcppsa.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\TCXQPY9L.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\tcxqpy9l.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\TEW946CI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\tew946ci.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\TFCJHLEI.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\tfcjhlei.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\U2OYIS47.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\u2oyis47.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\U8FCPAKJ.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\u8fcpakj.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UBUPNOZC.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ubupnozc.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UBXQG39X.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ubxqg39x.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UGL14QS0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ugl14qs0.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UUEVXDWP.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\uuevxdwp.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\V7NNCJHO.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\v7nncjho.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\VD3GM2DA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\vd3gm2da.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\WPEXKTDV.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\wpexktdv.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\WUT8M1Q8.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\wut8m1q8.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\WX75TEOR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\wx75teor.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\XRS5D0N2.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\xrs5d0n2.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\XUAUK5R0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\xuauk5r0.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\Y1I415YS.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\y1i415ys.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\Y3XU5OKR.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\y3xu5okr.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\OOUVZSZN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\oouvzszn.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\TIGZFGLM.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\tigzfglm.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\XNW1G0SM.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\xnw1g0sm.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Z3FJF3OM.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\z3fjf3om.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\179e8db5.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\179e8db5.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\1ba49cb8.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\1ba49cb8.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\1f43fcc4.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\1f43fcc4.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\3d12749e.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\3d12749e.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\4929c482.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\4929c482.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\52572b1f.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\52572b1f.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\6b492b11.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\6b492b11.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\7a7d9912.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\7a7d9912.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\7fe97f77.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\7fe97f77.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\9c14e2ad.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\9c14e2ad.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a229ed41.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a229ed41.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a271c2fa.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a271c2fa.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a2e35824.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a2e35824.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\cc2f5fc7.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\cc2f5fc7.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\cf6a15d.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\cf6a15d.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\da8e59e.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\da8e59e.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\eae01907.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\eae01907.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f466753.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f466753.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f4b839c7.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f4b839c7.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f67a62c3.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f67a62c3.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f76d6757.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f76d6757.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f7f275e5.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f7f275e5.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\fb970b75.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\fb970b75.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\fc14e05c.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\fc14e05c.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1079934665\\2034961148.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1079934665\\2034961148.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1605653898\\4275773285.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1605653898\\4275773285.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1978304864\\923683402.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1978304864\\923683402.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2107319684\\2467780804.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2107319684\\2467780804.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\226732975\\2698495915.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\226732975\\2698495915.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2570292521\\231755001.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2570292521\\231755001.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2577507833\\3967450640.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2577507833\\3967450640.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2646675675\\806068533.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2646675675\\806068533.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3053798886\\3825186184.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3053798886\\3825186184.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3295484897\\2504515037.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3295484897\\2504515037.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3375042201\\1858609885.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3375042201\\1858609885.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3530508098\\2495906576.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3530508098\\2495906576.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3705566220\\624664733.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3705566220\\624664733.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3779757838\\1034590242.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3779757838\\1034590242.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3782802250\\2924287686.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3782802250\\2924287686.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\860568095\\965632691.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\860568095\\965632691.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell\\DefaultLayouts.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\shell\\defaultlayouts.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\V010002A.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\v010002a.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\V010002B.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\v010002b.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\settings.ini", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\settings.ini", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\SmartScreenCache.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\smartscreencache.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\SuggestedSites.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\suggestedsites.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\EDB00004.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\edb00004.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\EDBtmp.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\edbtmp.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\databases\\Databases.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\databases\\databases.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extension rules\\000003.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extension state\\000003.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\previews_opt_out.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\000003.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\service worker\\database\\000003.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Session Storage\\000004.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\session storage\\000004.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.1", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domainsuggestions\\en-us.1", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\52UK17NV\\www.google[1].xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\52uk17nv\\www.google[1].xml", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\L8OQST1L\\consent.google[1].xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\l8oqst1l\\consent.google[1].xml", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-ClearIconCache.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-cleariconcache.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-UserConfig.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-userconfig.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData\\iecompatdata.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\iecompatdata\\iecompatdata.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\imagestore\\sl72e5n\\imagestore.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\imagestore\\sl72e5n\\imagestore.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940\\msapplication.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\tiles\\pin-314712940\\msapplication.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager\\versionlist.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\versionmanager\\versionlist.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officec2rclient.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officec2rclient.exe_rules.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officeclicktorun.exe_Rules.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officeclicktorun.exe_rules.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplaylogo.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\ExclusionList.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\exclusionlist.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplaylogo.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplayoptin.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplayoptin.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ExclusionList.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\exclusionlist.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappblue.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappwhite.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\acmDismissIcon.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\acmdismissicon.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\cloud.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\cloud.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\errorIcon.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\erroricon.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\folder.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\folder.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\iceBucket.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\icebucket.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\loading.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\loading.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\onDemandFiles.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\ondemandfiles.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\onDemandSelectiveSync.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\ondemandselectivesync.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\onedrivePremium.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\onedrivepremium.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\partiallyFreezing.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\partiallyfreezing.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\settings.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\settings.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\settingsdisabled.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\settingsdisabled.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\stackedIceCubes.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\stackedicecubes.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\waterGlass.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\waterglass.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\LoadingPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\loadingpage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\OneDriveLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\onedrivelogo.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaCritical.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotacritical.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaNearing.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotanearing.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ScreenshotOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\screenshotoptin.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\TestSharePage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\testsharepage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ThirdPartyNotices.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\thirdpartynotices.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorblue.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorwhite.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ElevatedAppBlue.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\elevatedappblue.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ElevatedAppWhite.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\elevatedappwhite.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\acmDismissIcon.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\acmdismissicon.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\blurrect.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\blurrect.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_finished.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_finished.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_hovered.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_hovered.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_in_progress.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_in_progress.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_selected.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_selected.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\chevron.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\chevron.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\chevronUp.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\chevronup.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\cloud.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\cloud.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\done_graphic.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\done_graphic.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\errorIcon.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\erroricon.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_desktop.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_desktop.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_documents.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_documents.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_pictures.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_pictures.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\iceBucket.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\icebucket.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\loading.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\loading.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\loading_spinner.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\loading_spinner.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandFiles.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandfiles.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandFilesDehydrate.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandfilesdehydrate.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandSelectiveSync.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandselectivesync.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onedrivePremium.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\onedrivepremium.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\overflowIcon.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\overflowicon.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\overflowIconWhite.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\overflowiconwhite.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\partiallyFreezing.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\partiallyfreezing.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\settings.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\settings.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\settingsdisabled.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\settingsdisabled.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\signIn.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\signin.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\stackedIceCubes.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\stackedicecubes.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\waterGlass.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\waterglass.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\LoadingPage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\loadingpage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\OneDriveLogo.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\onedrivelogo.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaCritical.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotacritical.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaNearing.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotanearing.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ScreenshotOptIn.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\screenshotoptin.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\TestSharePage.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\testsharepage.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ThirdPartyNotices.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\thirdpartynotices.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_121120_934-848.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_121120_934-848.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_121121_d68-ddc.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_121121_d68-ddc.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_123817_760-808.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_123817_760-808.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_123818_e38-824.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_123818_e38-824.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_133220_864-704.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_133220_864-704.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_133220_ae0-29c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_133220_ae0-29c.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-05-24_104600_528-57c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-05-24_104600_528-57c.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-07-12_164138_904-4d0.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-07-12_164138_904-4d0.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-11-10_161055_b54-c0c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-11-10_161055_b54-c0c.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_256.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_256.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_32.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_32.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_48.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_48.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_custom_stream.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_idx.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_idx.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_1280.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_1280.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_16.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_16.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_1920.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_1920.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_256.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_256.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_2560.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_2560.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_32.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_32.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_768.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_768.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_96.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_96.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_custom_stream.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_exif.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_exif.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_sr.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_wide.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_wide.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_wide_alternate.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Low\\SmartScreenCache.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\low\\smartscreencache.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\179e8db5.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\179e8db5.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\1ba49cb8.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\1ba49cb8.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\1f43fcc4.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\1f43fcc4.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\3d12749e.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\3d12749e.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\4929c482.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\4929c482.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\52572b1f.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\52572b1f.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\6b492b11.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\6b492b11.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\7a7d9912.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\7a7d9912.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\7fe97f77.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\7fe97f77.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\9c14e2ad.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\9c14e2ad.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a229ed41.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a229ed41.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a271c2fa.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a271c2fa.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a2e35824.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a2e35824.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\cc2f5fc7.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\cc2f5fc7.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\cf6a15d.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\cf6a15d.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\da8e59e.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\da8e59e.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\eae01907.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\eae01907.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f466753.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f466753.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f4b839c7.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f4b839c7.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f67a62c3.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f67a62c3.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f76d6757.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f76d6757.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f7f275e5.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f7f275e5.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\fb970b75.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\fb970b75.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\fc14e05c.jpg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\fc14e05c.jpg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1079934665\\2034961148.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1079934665\\2034961148.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1605653898\\4275773285.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1605653898\\4275773285.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1978304864\\923683402.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1978304864\\923683402.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2107319684\\2467780804.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2107319684\\2467780804.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\226732975\\2698495915.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\226732975\\2698495915.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2570292521\\231755001.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2570292521\\231755001.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2577507833\\3967450640.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2577507833\\3967450640.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2646675675\\806068533.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2646675675\\806068533.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3053798886\\3825186184.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3053798886\\3825186184.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3295484897\\2504515037.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3295484897\\2504515037.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3375042201\\1858609885.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3375042201\\1858609885.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3530508098\\2495906576.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3530508098\\2495906576.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3705566220\\624664733.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3705566220\\624664733.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3779757838\\1034590242.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3779757838\\1034590242.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3782802250\\2924287686.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3782802250\\2924287686.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\860568095\\965632691.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\860568095\\965632691.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Windows Anytime Upgrade\\Upgrade_dism.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\windows anytime upgrade\\upgrade_dism.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\index.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\cache2\\index.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\directoryLinks.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\directorylinks.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\OfflineCache\\index.sqlite", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\offlinecache\\index.sqlite", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.3DBuilder_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.3dbuilder_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.AccountsControl_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.accountscontrol_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Appconnector_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.appconnector_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingFinance_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingfinance_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingNews_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingnews_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingSports_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingsports_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingWeather_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingweather_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BioEnrollment_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bioenrollment_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.getstarted_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.LockApp_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.lockapp_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.office.onenote_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.People_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.people_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.vclibs.140.00_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsAlarms_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsalarms_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsFeedback_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsfeedback_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.ZuneMusic_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.zunemusic_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.ZuneVideo_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.zunevideo_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.ContactSupport_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.contactsupport_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\windows.devicesflow_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.devicesflow_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.MiracastView_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.miracastview_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.PrintDialog_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.printdialog_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.PurchaseDialog_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.purchasedialog_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\000003.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\service worker\\database\\000003.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\L8OQST1L\\consent.google[1].xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\l8oqst1l\\consent.google[1].xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\onDemandSelectiveSync.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\ondemandselectivesync.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_in_progress.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_in_progress.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_documents.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_documents.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_pictures.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_pictures.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandFilesDehydrate.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandfilesdehydrate.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandSelectiveSync.svg", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandselectivesync.svg", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install-PerUser_2017-05-24_104601_b30-494.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install-peruser_2017-05-24_104601_b30-494.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install-PerUser_2017-07-12_164141_b14-7f0.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install-peruser_2017-07-12_164141_b14-7f0.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install-PerUser_2017-11-10_161058_b2c-b34.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install-peruser_2017-11-10_161058_b2c-b34.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-05-24_104600_528-57c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-05-24_104600_528-57c.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-07-12_164138_904-4d0.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-07-12_164138_904-4d0.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-11-10_161055_b54-c0c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-11-10_161055_b54-c0c.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-12_164130_2e0-2c8.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-13_111425_fe4-f74.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-13_111425_fe4-f74.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-14_075507_d98-d94.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-14_075507_d98-d94.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-19_092447_b70-3a8.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-19_092447_b70-3a8.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-21_115555_e74-e78.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-21_115555_e74-e78.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-11-10_161047_cc8-42c.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-11-10_161047_cc8-42c.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{219D4102-8477-4DA3-B68D-CBEB50436A31}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{219d4102-8477-4da3-b68d-cbeb50436a31}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{3142F004-AD96-48E4-B756-4D6F73D1B9C8}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{3142f004-ad96-48e4-b756-4d6f73d1b9c8}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{46F14CBA-A8C3-4AB0-8748-F3A8C35622B4}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{46f14cba-a8c3-4ab0-8748-f3a8c35622b4}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{5C217167-4731-4AFD-B181-6274E3DFBF25}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{5c217167-4731-4afd-b181-6274e3dfbf25}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{708686A3-2087-4B70-81FB-7F608AD7F5D4}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{708686a3-2087-4b70-81fb-7f608ad7f5d4}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{A90EDA99-693C-4259-AF53-D06F3BBAEEAB}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{a90eda99-693c-4259-af53-d06f3bbaeeab}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{A95B47FD-465D-4ACE-A006-DCCC9033E6DB}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{a95b47fd-465d-4ace-a006-dccc9033e6db}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{AE613841-F649-4CD7-AF4A-2E7B7D99E12E}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{ae613841-f649-4cd7-af4a-2e7b7d99e12e}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{B5D14E8C-339B-4360-B40C-A274F460B417}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{b5d14e8c-339b-4360-b40c-a274f460b417}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{B6815740-F01E-4E9E-AA05-D3CDE47C3DDC}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{b6815740-f01e-4e9e-aa05-d3cde47c3ddc}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{C20F58C1-CDD0-45F9-9954-BDF0782633CB}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{c20f58c1-cdd0-45f9-9954-bdf0782633cb}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{CE4E71D0-F1F5-4983-B2E3-40DB737B9226}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{ce4e71d0-f1f5-4983-b2e3-40db737b9226}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{D1CC3A2E-2BC2-4715-AD4C-90B4CA0868C0}.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{d1cc3a2e-2bc2-4715-ad4c-90b4ca0868c0}.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat\\IECompatData.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompat\\iecompatdata.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\OfflineCache\\index.sqlite", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\offlinecache\\index.sqlite", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.aad.brokerplugin_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.AccountsControl_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.accountscontrol_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access", "write" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Appconnector_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.appconnector_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingFinance_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingfinance_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingWeather_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingweather_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BioEnrollment_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bioenrollment_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\1143SFPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\1143sfpt.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\1HP9XSYA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\1hp9xsya.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\205ESPV2.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\205espv2.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Y51OCFZ0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\y51ocfz0.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\edb.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\edb.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftofficehub_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.net.native.framework.1.0_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.net.native.runtime.1.0_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.office.onenote_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.vclibs.140.00_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\12\\zinc[1].htm", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\12\\zinc[1].htm", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\045d3532[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\045d3532[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\1cc152ef[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\1cc152ef[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\3c99c1b4[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\3c99c1b4[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\3e533cad[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\3e533cad[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\4b55922b[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\4b55922b[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\613fadbe[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\613fadbe[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\69d5af3a[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\69d5af3a[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8590ff3b[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8590ff3b[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8636b4dd[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8636b4dd[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8925e2fd[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8925e2fd[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\916eb510[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\916eb510[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\a282b3bf[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\a282b3bf[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\bb5c331f[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\bb5c331f[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\ca2ffdc0[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\ca2ffdc0[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\e48237f6[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\e48237f6[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\Init[1].htm", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\init[1].htm", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\5\\zinc[1].htm", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\5\\zinc[1].htm", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\6\\zinc[1].htm", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\6\\zinc[1].htm", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCookies\\LVKKMMVN.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\inetcookies\\lvkkmmvn.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCookies\\QX3BSDJD.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\inetcookies\\qx3bsdjd.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb00037.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb00037.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb00038.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb00038.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb00039.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb00039.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb0003A.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb0003a.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb0003B.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb0003b.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb0003C.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb0003c.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edbtmp.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edbtmp.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\IndexedDB.edb", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\indexeddb.edb", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.parentalcontrols_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite-shm", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite-shm", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite-wal", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite-wal", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsAlarms_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsalarms_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsCalculator_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscalculator_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsFeedback_cw5n1h2txyewy\\LocalState\\_sessionState.xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsfeedback_cw5n1h2txyewy\\localstate\\_sessionstate.xml", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsFeedback_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsfeedback_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.xboxidentityprovider_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.ContactSupport_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.contactsupport_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\windows.immersivecontrolpanel_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.immersivecontrolpanel_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.PurchaseDialog_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.purchasedialog_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\page_embed_script.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\page_embed_script.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.com_0.indexeddb.leveldb\\000003.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.com_0.indexeddb.leveldb\\000003.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\000003.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.de_0.indexeddb.leveldb\\000003.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{DAB3814F-C5D5-11E7-9BDA-C40142ECDE47}.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\recovery\\last active\\{dab3814f-c5d5-11e7-9bda-c40142ecde47}.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{2546D910-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{2546d910-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000033.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000033.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000034.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000034.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000035.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000012.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\0e292d2be40784b709a96299f7f56c4c.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\0e292d2be40784b709a96299f7f56c4c.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\28c9257769b2913b70283ca4759e2034.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\28c9257769b2913b70283ca4759e2034.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\2bf8db03609478000e25532b94a93e81.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\2bf8db03609478000e25532b94a93e81.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\5d432dc88d56856d87faecfa9b48853b.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\5d432dc88d56856d87faecfa9b48853b.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\77ec32dc2bee35c0b759503a76ed5b66.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\77ec32dc2bee35c0b759503a76ed5b66.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\b6dc1948244e7e4562c9356a0052d7af.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\b6dc1948244e7e4562c9356a0052d7af.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\e214427ea25af5774381fe2c2582382e.png", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\e214427ea25af5774381fe2c2582382e.png", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\Microsoft\\Windows\\1605653898\\4275773285.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoft\\windows\\1605653898\\4275773285.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\1ZJA02JO.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\1zja02jo.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\268TPJIA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\268tpjia.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\6KWA3R8C.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\6kwa3r8c.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\85DGK2J5.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\85dgk2j5.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\FPNDV7T3.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\fpndv7t3.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\J9KFLZDX.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\j9kflzdx.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\JN00AKV9.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\jn00akv9.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\OR8K8VRM.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\or8k8vrm.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\TK0LXHBL.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\tk0lxhbl.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\VC62GJSF.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\vc62gjsf.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\VSMDVD55.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\vsmdvd55.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\51TU1403.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\51tu1403.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\5GJKP08H.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\5gjkp08h.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\6NQ9V8CD.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\6nq9v8cd.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\JZ1UUUP9.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\jz1uuup9.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\KW0ULAFV.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\kw0ulafv.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\SW6Z4AI1.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\sw6z4ai1.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\TU6XBKFE.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\tu6xbkfe.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\U9PT9V3Q.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\u9pt9v3q.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\Microsoft\\Windows\\1605653898\\4275773285.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoft\\windows\\1605653898\\4275773285.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\1143SFPT.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\1143sfpt.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\1HP9XSYA.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\1hp9xsya.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\205ESPV2.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\205espv2.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Y51OCFZ0.txt", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\y51ocfz0.txt", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\CortanaAssist\\AllowList.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cortanaassist\\allowlist.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DomainSuggestions\\en-US.1", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\domainsuggestions\\en-us.1", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\edb.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\edb.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\edbtmp.log", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\edbtmp.log", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\IndexedDB.edb", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\indexeddb.edb", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\Settings\\settings.dat", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\settings\\settings.dat", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\12\\zinc[1].htm", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\12\\zinc[1].htm", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\045d3532[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\045d3532[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\09b80652[1].css", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\09b80652[1].css", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\1cc152ef[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\1cc152ef[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\3c99c1b4[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\3c99c1b4[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\3e533cad[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\3e533cad[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\4b55922b[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\4b55922b[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\613fadbe[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\613fadbe[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\69d5af3a[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\69d5af3a[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8590ff3b[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8590ff3b[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8636b4dd[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8636b4dd[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8925e2fd[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8925e2fd[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\916eb510[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\916eb510[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\a282b3bf[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\a282b3bf[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\bb5c331f[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\bb5c331f[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\ca2ffdc0[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\ca2ffdc0[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\d5ac23a7[1].css", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\d5ac23a7[1].css", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\e48237f6[1].js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\e48237f6[1].js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\e994e448[1].css", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\e994e448[1].css", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\efcb0cd5[1].css", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\efcb0cd5[1].css", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\f544a93b[1].css", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\f544a93b[1].css", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\Init[1].htm", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\init[1].htm", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\5\\zinc[1].htm", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\5\\zinc[1].htm", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\6\\zinc[1].htm", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\6\\zinc[1].htm", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\Microsoft\\Windows\\3530508098\\2495906576.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\microsoft\\windows\\3530508098\\2495906576.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsFeedback_cw5n1h2txyewy\\AC\\Microsoft\\Windows\\3375042201\\1858609885.pri", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsfeedback_cw5n1h2txyewy\\ac\\microsoft\\windows\\3375042201\\1858609885.pri", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json", "operations": [ "read", "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\IconCacheRdr.dat.GDCB", "hashes": [ { "md5_hash": "0fc7061e0eb376d2b0acbad381f47fdf", "sha1_hash": "fb052b9a5ef4e1615a710bb53f752d37a9419764", "sha256_hash": "406a7bf9b71455f12d35992195d5c07118d73d8859806a5a3e104ded75758464", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\IconCacheRdr65536.dat.GDCB", "hashes": [ { "md5_hash": "132bbc930f049894ccea5871ffe84ab8", "sha1_hash": "0a0ddf8b74c5d38f9587157dca9fb33e6750f030", "sha256_hash": "8364e5a9e4410c14a887d43e44d51c1aea63ec5ad44c2c97a718e9ba8580e840", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr65536.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Adobe\\Acrobat\\DC\\UserCache.bin.GDCB", "hashes": [ { "md5_hash": "bf882920036a75cb92c792306f46e5ec", "sha1_hash": "3375b3ff827228a9f97ee756c354cdfc384886bb", "sha256_hash": "8ab70fe4905f49f8d0d84d2baf791e58cdaa3f63ececf6f63fb5526aeedc32ed", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\usercache.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\AdobeARM.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\adobearm.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\ArmUI.ini.GDCB", "hashes": [ { "md5_hash": "3bf4de62d5ecc6299d86cb914df154e4", "sha1_hash": "145d9ca3e2032073ddc3f0a297b10d479025da11", "sha256_hash": "eb77ff5b42593075218ff67884a0ada3260a482cf7bb4d8ca1b6393ab5971516", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\armui.ini.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\fY0zS5d.rtf.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\fy0zs5d.rtf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\L0CGgz.mkv.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\l0cggz.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\pEYv.bmp.GDCB", "hashes": [ { "md5_hash": "5e0ad431fc81650f8e806c3a7850912d", "sha1_hash": "41ad042c6e4d239dc3ab5d1e1afedc4d8003e718", "sha256_hash": "ee7a9547438b54a799ab81473bcc68618a885979f73f1b7b90168dfd0ca288a9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\peyv.bmp.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\psXl 1.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\psxl 1.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\u 7QTCnd.flv.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\u 7qtcnd.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\UwUP52bZ.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\uwup52bz.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\XFNO_BFGg.m4a.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xfno_bfgg.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\Temp\\CalendarCache.dat.GDCB", "hashes": [ { "md5_hash": "b4984e476fc4c3f7a877a610e51e45ad", "sha1_hash": "1039877f8c3232b1c992096d5126b634f2c2616c", "sha256_hash": "15f2c4dd846a56bacdd0cdcae19df41307ccfd697e24a68c04b21f5e1c5e902b", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\temp\\calendarcache.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USS.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\uss.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Comms\\UnistoreDB\\USStmp.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\unistoredb\\usstmp.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\ngen.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\ngen.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\ngen.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\ngen.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Visio\\content16.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\visio\\content16.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\-369M1WtPTX1gbG.flv.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\-369m1wtptx1gbg.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\2VKr21JCYqf.m4a.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\2vkr21jcyqf.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\7Myiu18iTn_ngVPG0Kx.flv.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\7myiu18itn_ngvpg0kx.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\7_RurxYXMq2BTCtqr.mp3.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\7_rurxyxmq2btctqr.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\9NNryomG21wNwN.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\9nnryomg21wnwn.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\AdobeARM.log.GDCB", "hashes": [ { "md5_hash": "5d38e9224946a9e3c203e6c37f5331f7", "sha1_hash": "7ee6a0f0270db05edbf912974c4cfa666d8a9557", "sha256_hash": "6b9dc2d85598d87b21466a4837eac9b31ab7a9478d541dfa307a8a6be8d864a4", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\adobearm.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\fY0zS5d.rtf.GDCB", "hashes": [ { "md5_hash": "b4376a13dc0ef32795c0cd127aa9ba58", "sha1_hash": "bed8ed9bb9da598d3764ac44908d0538dca75db6", "sha256_hash": "7a76fa1378067d4ad893ea72f9fa8fcec388006bd76a89dd139bfbab9ea982b5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\fy0zs5d.rtf.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\GyoubGx88PJkao Y.mp3.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\gyoubgx88pjkao y.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\hVvFtKteq1q.mp3.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\hvvftkteq1q.mp3.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\jdLA6osJ6x3cyku_75S.avi.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\jdla6osj6x3cyku_75s.avi.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\L0CGgz.mkv.GDCB", "hashes": [ { "md5_hash": "44d69685bfe799614b7ce1309bec6c58", "sha1_hash": "2be215eba0ccc3b11c75e4b79b223c5d1f1222e1", "sha256_hash": "4d2d6b0642655be638e53d79303045ca1e067dfc496a38484006452ea244cd3e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\l0cggz.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\LHNIWSJ-20171110-1726.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\lhniwsj-20171110-1726.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\MlXrhRSyH8OOfz222Dl_.pps.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\mlxrhrsyh8oofz222dl_.pps.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\NbT tZY4nGK-NKUC.mkv.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nbt tzy4ngk-nkuc.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\NBtZJjP_xEPhcceVV8.m4a.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nbtzjjp_xephccevv8.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\nmK9pn0EeDdRWu.xlsx.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\nmk9pn0eeddrwu.xlsx.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\o h1B4ZQMyLmEA.ods.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\o h1b4zqmylmea.ods.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\psXl 1.gif.GDCB", "hashes": [ { "md5_hash": "80d66f640e05a25a0b42763de8a43b32", "sha1_hash": "04d3b9898eb212585493f55f5158f7a165a24f84", "sha256_hash": "8d31229fcec80febf56ba63c94b5fa6ee05465866bdc348171962b14c2ad1eeb", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\psxl 1.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\P_IZ n5ZsYEU.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\p_iz n5zsyeu.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\u 7QTCnd.flv.GDCB", "hashes": [ { "md5_hash": "32ae09b304230ed8e10ad94d3399eea0", "sha1_hash": "d07bcacc187c6db6ecfd29eb2c40a29b07cfe11d", "sha256_hash": "da2c885143c02b2ab082607addc717d412f4c0a71ad95f0bda8f104a0db46e51", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\u 7qtcnd.flv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\UwUP52bZ.gif.GDCB", "hashes": [ { "md5_hash": "06c0738b8172a64561722a3286234cc8", "sha1_hash": "b7eed85264fdf1feb5f88b0c74dc4637335dab06", "sha256_hash": "6a77d018608e327a4de7feb6be95f86d425fee95886e7cf4ab2ac43d767b2de8", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\uwup52bz.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\XFNO_BFGg.m4a.GDCB", "hashes": [ { "md5_hash": "ab7753a2c7578bdda32ebe81902fdb7a", "sha1_hash": "594698ee95d2d737336ea2ec571049f75d163c55", "sha256_hash": "bc5d1e1b976cd2a1217804ba076ae83cd02a54139ec8515513017b12263ac1dc", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xfno_bfgg.m4a.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\XPAz2BfWzJmuIx.mkv.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xpaz2bfwzjmuix.mkv.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\Y5q_iSG1AAFgs9Oxw7.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\y5q_isg1aafgs9oxw7.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\YRyrD_tRBHdMGD-Z.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\yryrd_trbhdmgd-z.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temp\\YX5UQJjrwszF5k.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\yx5uqjjrwszf5k.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\EDB00004.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\edb00004.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\EDBtmp.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\edbtmp.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Crashpad\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\crashpad\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\previews_opt_out.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v2.0\\UsageLogs\\WINPROJ.EXE.log.GDCB", "hashes": [ { "md5_hash": "2e07a28f72b02f5cc0bc1645a2b2e888", "sha1_hash": "dff08188de9ece1376a7a974be5c1a24c7476b25", "sha256_hash": "dae0a8c3ad7f3d29ae49045651ddb302cc4148e6a94acaa742758f71f192188e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v2.0\\usagelogs\\winproj.exe.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\mmc.exe.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\mmc.exe.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\NGenTask.exe.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\ngentask.exe.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\powershell.exe.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\powershell.exe.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0\\UsageLogs\\sdiagnhost.exe.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0\\usagelogs\\sdiagnhost.exe.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\CLR_v4.0_32\\UsageLogs\\NGenTask.exe.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v4.0_32\\usagelogs\\ngentask.exe.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\brndlog.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\brndlog.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.1.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domainsuggestions\\en-us.1.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-UserConfig.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-userconfig.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\excel.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\excel.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officec2rclient.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officec2rclient.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officeclicktorun.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officeclicktorun.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\onenote.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\onenote.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\outlook.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\outlook.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\powerpnt.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\powerpnt.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\setup.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\setup.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\setup64.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\setup64.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\visio.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\visio.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\winproj.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\winproj.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\winword.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\winword.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayLogo.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplaylogo.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\ExclusionList.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\exclusionlist.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayLogo.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplaylogo.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplayoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayOptIn.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplayoptin.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ExclusionList.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\exclusionlist.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\alertIcon.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\alerticon.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AppBlue.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\appblue.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AppWhite.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\appwhite.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppBlue.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappblue.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\Error.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\error.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ErrorPage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\errorpage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\cloud.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\cloud.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\folder.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\folder.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\loading.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\loading.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\settings.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\settings.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\LoadingPage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\loadingpage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\OneDriveLogo.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\onedrivelogo.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaCritical.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotacritical.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaError.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotaerror.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaNearing.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotanearing.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ScreenshotOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\screenshotoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\TestSharePage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\testsharepage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\Warning.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\warning.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\alertIcon.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\alerticon.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppBlue.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\appblue.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorBlue.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorblue.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorWhite.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorwhite.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppWhite.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\appwhite.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ElevatedAppBlue.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\elevatedappblue.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\Error.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\error.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ErrorPage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\errorpage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\blurrect.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\blurrect.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\chevron.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\chevron.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\cloud.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\cloud.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\loading.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\loading.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\settings.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\settings.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\signIn.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\signin.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\LoadingPage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\loadingpage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\OneDriveLogo.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\onedrivelogo.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaCritical.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotacritical.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaError.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotaerror.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaNearing.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotanearing.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ScreenshotOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\screenshotoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\TestSharePage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\testsharepage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\Warning.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\warning.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\StandaloneUpdater\\Update.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\standaloneupdater\\update.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000000.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000000.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000001.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000001.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000004.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000004.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000005.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000005.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000006.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000006.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000007.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000007.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000008.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000008.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000009.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000009.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000C.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000c.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000D.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000d.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000F.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000f.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000G.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000g.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000H.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000h.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000I.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000i.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000J.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000j.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000L.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000l.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000M.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000m.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000N.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000n.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000O.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000o.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000P.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000p.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000Q.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000q.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000R.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000r.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000S.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000s.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000T.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000t.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000U.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000u.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000000V.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000000v.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000010.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000010.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000011.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000011.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000012.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000012.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000013.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000013.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000014.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000014.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000015.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000015.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000016.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000016.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000017.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000017.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000018.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000018.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003K.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003k.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003L.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003l.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003M.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003m.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000003N.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000003n.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\00000048.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\00000048.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneNote\\16.0\\cache\\0000004U.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onenote\\16.0\\cache\\0000004u.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\1033\\StructuredQuerySchema.bin.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\1033\\structuredqueryschema.bin.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\cversions.1.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\cversions.1.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\cversions.3.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\cversions.3.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_1280.db.GDCB", "hashes": [ { "md5_hash": "be73837552d722a0b966186512851a2d", "sha1_hash": "8260ff0bbe441a553c9321c33f48cde5b249776c", "sha256_hash": "96890b8cd391992c8c2fab7677e1f1d249c61e03657419f16ab427d33587ada3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_1280.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_16.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_16.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_1920.db.GDCB", "hashes": [ { "md5_hash": "02b73d4b4ef21ab859651f7abcaf34a4", "sha1_hash": "1ef5feec863c57d84a42c49da3374985bd1c87e1", "sha256_hash": "7685c55a93a23bd552e035f7033b71561bef49fa54ac73738ab23ae660abca49", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_1920.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_2560.db.GDCB", "hashes": [ { "md5_hash": "84524a35d21c292988e364bdc903218b", "sha1_hash": "75a527cde5716693d77558649190c5ef15e2d049", "sha256_hash": "8a3b949396aa32857c0134f79649118751a45735f9edf794e2c341b1ecc85529", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_2560.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_768.db.GDCB", "hashes": [ { "md5_hash": "8564beeedec4a7a56e0dc72d2919ce1f", "sha1_hash": "59a0da56530f5e36cce0846e49e46b05177b9d54", "sha256_hash": "a18ffb4edc3e53e4f714e449c27dfe68f0bcbe989a21f2cb45b676c7229189d7", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_768.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_96.db.GDCB", "hashes": [ { "md5_hash": "59ab91efdfaff60ceca489faee8c397e", "sha1_hash": "013c3400ebe04018a8ba05bf96f85a8513926ece", "sha256_hash": "83d982668329811a4eb6d620b3baa1b5b8cd05e33b9a14da43f197d9c16eb490", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_96.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_custom_stream.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_exif.db.GDCB", "hashes": [ { "md5_hash": "0a68d4faf0383e77e3f22d60e2d98fd7", "sha1_hash": "03c52f304dd7b54c7d5a69e2a574811fb5d51193", "sha256_hash": "f683e7c200fc56d71e4f996c6a6564fe583eaa70fbed4f54981eb7b649e1d4a3", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_exif.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_sr.db.GDCB", "hashes": [ { "md5_hash": "fada87e3fea81eede92bfea8606fd61f", "sha1_hash": "aa909dd16c8dbec90e5cce2960727e66b3a936ce", "sha256_hash": "efe09c26fd50dd628d3d2a468779d802096219db65b9c692ec6717e645308127", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_sr.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_wide.db.GDCB", "hashes": [ { "md5_hash": "53a9bfbb45b90e2a41103c35c8658d1d", "sha1_hash": "5eb9cb1ac9c97a5de583add0e660682ff33c43d4", "sha256_hash": "5ee2f440471473e0075dddc7b952e931ecfcd72a404134991a7cd8398180a6b9", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_wide.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Low\\SmartScreenCache.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\low\\smartscreencache.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Low\\SuggestedSites.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\low\\suggestedsites.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\0I8MI595.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\0i8mi595.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\8489XH4E.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\8489xh4e.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\8JC8NM7O.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\8jc8nm7o.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\0GHTMU6X.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\0ghtmu6x.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\0MDKR34W.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\0mdkr34w.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\0Z1JIEVI.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\0z1jievi.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\16DOE15M.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\16doe15m.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\16Y0X4V7.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\16y0x4v7.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1L3KU69N.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1l3ku69n.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1LFQZEOH.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1lfqzeoh.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1LLUY7B7.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1lluy7b7.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\1UYN2RFY.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\1uyn2rfy.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\23JC2UTD.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\23jc2utd.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\2EQ4E2OJ.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\2eq4e2oj.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\2HYILE1O.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\2hyile1o.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\3RW4K76X.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\3rw4k76x.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\3VVSZ2CO.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\3vvsz2co.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4MN240WN.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4mn240wn.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4O6583I0.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4o6583i0.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4YWCPPXN.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4ywcppxn.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\4Z6UDYLY.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\4z6udyly.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5AFMRGRY.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5afmrgry.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5ARQYMIV.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5arqymiv.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5AV8L20N.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5av8l20n.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5NWXN3UI.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5nwxn3ui.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5STJ6NZL.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5stj6nzl.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5TAY54V0.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5tay54v0.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\5WQEGNKI.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\5wqegnki.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\66I0OJL8.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\66i0ojl8.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\80J4IH0Y.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\80j4ih0y.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\8FFCGS26.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\8ffcgs26.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9ABR37NL.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9abr37nl.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9IJPMFHZ.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9ijpmfhz.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9M7ZHW1Q.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9m7zhw1q.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9XACNSYG.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9xacnsyg.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\9Z1Y5ICI.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\9z1y5ici.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\A0RK8A2H.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\a0rk8a2h.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\AA2IJ7JU.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\aa2ij7ju.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\B427TFXJ.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\b427tfxj.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\BK4HNAZ1.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\bk4hnaz1.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\CC7DS78R.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\cc7ds78r.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\CDGOWO27.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\cdgowo27.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\CYHYO8JD.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\cyhyo8jd.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\D9QO3KHK.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\d9qo3khk.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\DN8YUCVA.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\dn8yucva.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\DQI7WAG8.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\dqi7wag8.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\DRDF2EZX.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\drdf2ezx.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\E2KPI4ZI.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\e2kpi4zi.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\E978TFRK.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\e978tfrk.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\F68MFAMN.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\f68mfamn.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FCGXHIFT.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\fcgxhift.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FGTTES1V.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\fgttes1v.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FLTMVY1F.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\fltmvy1f.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\FOLSAQT6.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\folsaqt6.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\GXB342YS.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\gxb342ys.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\H5LCJX1B.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\h5lcjx1b.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\HBPP9XXY.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\hbpp9xxy.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\HF8F6LU0.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\hf8f6lu0.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\HTVL5WIW.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\htvl5wiw.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\ILF13HLB.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ilf13hlb.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\ISTFXHHR.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\istfxhhr.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\ITD4OUAR.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\itd4ouar.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\J4JSQG9R.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\j4jsqg9r.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\JQOCYKOH.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\jqocykoh.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\JWFWLAYR.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\jwfwlayr.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\K8249Y1G.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\k8249y1g.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\KNJ4AJDH.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\knj4ajdh.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\L78EW25D.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\l78ew25d.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LC10XEWL.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\lc10xewl.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LVARU12Y.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\lvaru12y.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LY1NFEKN.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ly1nfekn.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\LY3FDU65.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ly3fdu65.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\M19117WZ.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\m19117wz.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MA5WDFBR.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ma5wdfbr.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MBJX4MYA.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mbjx4mya.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MCAKE788.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mcake788.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MIL4MU1S.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mil4mu1s.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MM8KB9U2.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mm8kb9u2.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MMPF10F4.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\mmpf10f4.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\MOE7DCQU.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\moe7dcqu.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\NEHE4KDB.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\nehe4kdb.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\NOCAHPZ6.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\nocahpz6.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\NYCCG1AV.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\nyccg1av.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\O8FFFI2K.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\o8fffi2k.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\P778SMC9.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\p778smc9.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\PF9HBAFQ.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\pf9hbafq.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\PK3I34UV.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\pk3i34uv.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\QUMCK8L4.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\qumck8l4.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RAYRHE6Z.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\rayrhe6z.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RQK5QF4L.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\rqk5qf4l.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RTEPN67M.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\rtepn67m.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\RYK7X1K4.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ryk7x1k4.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\S0EK69P5.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\s0ek69p5.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\SEVCUJM3.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\sevcujm3.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\STGOZ493.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\stgoz493.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\T1LCPPSA.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\t1lcppsa.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\TCXQPY9L.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\tcxqpy9l.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\TEW946CI.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\tew946ci.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\TFCJHLEI.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\tfcjhlei.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\U2OYIS47.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\u2oyis47.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\U8FCPAKJ.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\u8fcpakj.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UBUPNOZC.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ubupnozc.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UBXQG39X.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ubxqg39x.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UGL14QS0.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\ugl14qs0.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\UUEVXDWP.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\uuevxdwp.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\V7NNCJHO.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\v7nncjho.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\VD3GM2DA.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\vd3gm2da.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\WPEXKTDV.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\wpexktdv.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\WUT8M1Q8.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\wut8m1q8.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\WX75TEOR.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\wx75teor.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\XRS5D0N2.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\xrs5d0n2.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\XUAUK5R0.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\xuauk5r0.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\Y1I415YS.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\y1i415ys.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Low\\Y3XU5OKR.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\low\\y3xu5okr.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\OOUVZSZN.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\oouvzszn.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\TIGZFGLM.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\tigzfglm.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\XNW1G0SM.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\xnw1g0sm.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCookies\\Z3FJF3OM.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcookies\\z3fjf3om.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\179e8db5.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\179e8db5.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\1ba49cb8.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\1ba49cb8.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\1f43fcc4.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\1f43fcc4.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\3d12749e.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\3d12749e.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\4929c482.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\4929c482.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\52572b1f.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\52572b1f.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\6b492b11.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\6b492b11.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\7a7d9912.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\7a7d9912.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\7fe97f77.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\7fe97f77.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\9c14e2ad.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\9c14e2ad.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a229ed41.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a229ed41.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a271c2fa.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a271c2fa.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a2e35824.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a2e35824.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\cc2f5fc7.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\cc2f5fc7.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\cf6a15d.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\cf6a15d.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\da8e59e.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\da8e59e.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\eae01907.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\eae01907.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f466753.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f466753.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f4b839c7.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f4b839c7.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f67a62c3.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f67a62c3.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f76d6757.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f76d6757.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f7f275e5.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f7f275e5.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\fb970b75.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\fb970b75.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\fc14e05c.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\fc14e05c.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1079934665\\2034961148.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1079934665\\2034961148.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1605653898\\4275773285.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1605653898\\4275773285.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1978304864\\923683402.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1978304864\\923683402.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2107319684\\2467780804.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2107319684\\2467780804.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\226732975\\2698495915.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\226732975\\2698495915.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2570292521\\231755001.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2570292521\\231755001.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2577507833\\3967450640.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2577507833\\3967450640.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2646675675\\806068533.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2646675675\\806068533.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3053798886\\3825186184.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3053798886\\3825186184.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3295484897\\2504515037.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3295484897\\2504515037.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3375042201\\1858609885.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3375042201\\1858609885.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3530508098\\2495906576.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3530508098\\2495906576.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3705566220\\624664733.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3705566220\\624664733.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3779757838\\1034590242.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3779757838\\1034590242.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3782802250\\2924287686.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3782802250\\2924287686.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\860568095\\965632691.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\860568095\\965632691.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Shell\\DefaultLayouts.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\shell\\defaultlayouts.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\V010002A.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\v010002a.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\WebCache\\V010002B.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\webcache\\v010002b.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows Sidebar\\settings.ini.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows sidebar\\settings.ini.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\SmartScreenCache.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\smartscreencache.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Temporary Internet Files\\Low\\SuggestedSites.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temporary internet files\\low\\suggestedsites.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\EDB00004.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\edb00004.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\TileDataLayer\\Database\\EDBtmp.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\tiledatalayer\\database\\edbtmp.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\databases\\Databases.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\databases\\databases.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extension rules\\000003.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extension state\\000003.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\previews_opt_out.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\000003.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\service worker\\database\\000003.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Session Storage\\000004.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\session storage\\000004.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DomainSuggestions\\en-US.1.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domainsuggestions\\en-us.1.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\52UK17NV\\www.google[1].xml.GDCB", "hashes": [ { "md5_hash": "ec0dac0e26f04c20545c25465723c368", "sha1_hash": "fd944a47725230f0b569abb774f7dbb3371727c4", "sha256_hash": "e399b1ec24ed664e4d67e308a614da031f95ea57df5368ef0daf7cd87f17c9d1", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\52uk17nv\\www.google[1].xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\L8OQST1L\\consent.google[1].xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\l8oqst1l\\consent.google[1].xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-ClearIconCache.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-cleariconcache.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\ie4uinit-UserConfig.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\ie4uinit-userconfig.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\IECompatData\\iecompatdata.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\iecompatdata\\iecompatdata.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\imagestore\\sl72e5n\\imagestore.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\imagestore\\sl72e5n\\imagestore.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Tiles\\pin-314712940\\msapplication.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\tiles\\pin-314712940\\msapplication.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\VersionManager\\versionlist.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\versionmanager\\versionlist.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officec2rclient.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officec2rclient.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Office\\16.0\\officeclicktorun.exe_Rules.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\office\\16.0\\officeclicktorun.exe_rules.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayLogo.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplaylogo.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\AutoPlayOptIn.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\autoplayoptin.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626\\ExclusionList.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626\\exclusionlist.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayLogo.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplaylogo.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplayoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\AutoPlayOptIn.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\autoplayoptin.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.5892.0626_1\\ExclusionList.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.5892.0626_1\\exclusionlist.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\AutoPlayOptIn.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\autoplayoptin.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppBlue.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappblue.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ElevatedAppWhite.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\elevatedappwhite.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\acmDismissIcon.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\acmdismissicon.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\cloud.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\cloud.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\errorIcon.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\erroricon.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\folder.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\folder.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\iceBucket.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\icebucket.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\loading.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\loading.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\onDemandFiles.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\ondemandfiles.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\onDemandSelectiveSync.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\ondemandselectivesync.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\onedrivePremium.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\onedrivepremium.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\partiallyFreezing.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\partiallyfreezing.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\settings.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\settings.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\settingsdisabled.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\settingsdisabled.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\stackedIceCubes.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\stackedicecubes.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\waterGlass.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\waterglass.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\LoadingPage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\loadingpage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\OneDriveLogo.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\onedrivelogo.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaCritical.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotacritical.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\QuotaNearing.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\quotanearing.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ScreenshotOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\screenshotoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\TestSharePage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\testsharepage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\ThirdPartyNotices.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\thirdpartynotices.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorBlue.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorblue.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AppErrorWhite.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\apperrorwhite.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\AutoPlayOptIn.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\autoplayoptin.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ElevatedAppBlue.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\elevatedappblue.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ElevatedAppWhite.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\elevatedappwhite.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\acmDismissIcon.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\acmdismissicon.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\blurrect.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\blurrect.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_finished.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_finished.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_hovered.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_hovered.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_in_progress.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_in_progress.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_selected.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_selected.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\chevron.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\chevron.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\chevronUp.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\chevronup.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\cloud.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\cloud.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\done_graphic.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\done_graphic.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\errorIcon.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\erroricon.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_desktop.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_desktop.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_documents.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_documents.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_pictures.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_pictures.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\iceBucket.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\icebucket.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\loading.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\loading.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\loading_spinner.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\loading_spinner.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandFiles.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandfiles.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandFilesDehydrate.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandfilesdehydrate.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandSelectiveSync.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandselectivesync.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onedrivePremium.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\onedrivepremium.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\overflowIcon.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\overflowicon.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\overflowIconWhite.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\overflowiconwhite.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\partiallyFreezing.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\partiallyfreezing.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\settings.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\settings.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\settingsdisabled.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\settingsdisabled.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\signIn.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\signin.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\stackedIceCubes.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\stackedicecubes.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\waterGlass.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\waterglass.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\LoadingPage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\loadingpage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\OneDriveLogo.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\onedrivelogo.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaCritical.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotacritical.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\QuotaNearing.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\quotanearing.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ScreenshotOptIn.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\screenshotoptin.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\TestSharePage.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\testsharepage.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\ThirdPartyNotices.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\thirdpartynotices.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_121120_934-848.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_121120_934-848.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_121121_d68-ddc.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_121121_d68-ddc.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_123817_760-808.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_123817_760-808.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_123818_e38-824.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_123818_e38-824.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_133220_864-704.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_133220_864-704.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\2017-07-21_133220_ae0-29c.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\2017-07-21_133220_ae0-29c.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-05-24_104600_528-57c.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-05-24_104600_528-57c.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-07-12_164138_904-4d0.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-07-12_164138_904-4d0.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-11-10_161055_b54-c0c.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-11-10_161055_b54-c0c.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_256.db.GDCB", "hashes": [ { "md5_hash": "51947ffd5514e151ddcaa4f68e27a8b1", "sha1_hash": "774b27c8b0864d4a6a804549b687cb9455fffa08", "sha256_hash": "e2ae56bfad2ec2fe500c76aeb1f57f11ec16195cd804581b206aca43c2be7e0c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_256.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_32.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_32.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_48.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_48.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_custom_stream.db.GDCB", "hashes": [ { "md5_hash": "5550f3a3faf77ba31ff8cb8aa2452af4", "sha1_hash": "98399736baba2f252b5b2dfe0c9b6a177b60eb70", "sha256_hash": "25474e6719393a8b65e67085ec53d770d77ecc68cf91fa2581242eb8d92531e0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_custom_stream.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_idx.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_idx.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\iconcache_wide_alternate.db.GDCB", "hashes": [ { "md5_hash": "04737579390b94fe984d9c857157954d", "sha1_hash": "ea9ed7dc6463a6a9f49a7b1fde156b5c29d9aa9b", "sha256_hash": "0a1f0b89b51aa6466891a75d4b708651f9dc18699c2b57806f6d9a010ca1dcd0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_1280.db.GDCB", "hashes": [ { "md5_hash": "27c6858a69cc97bef33ff974c25725f3", "sha1_hash": "1746e7db5ec2152d99dff29363e005852ac18116", "sha256_hash": "60b8b1f171c03bc176c139164d833acc178c85b7b88cb604373f489211e416da", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_1280.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_16.db.GDCB", "hashes": [ { "md5_hash": "1b24296c9646ae4016bd39cfc929be01", "sha1_hash": "1375a7fba96d68184a55c27557c2160cdf45bfec", "sha256_hash": "2fa73997efa0fe647cd36d5a9e9155ee8b61836bc720f1d127b6ab0adca807ab", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_16.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_1920.db.GDCB", "hashes": [ { "md5_hash": "31af4e840b0a8282c753cf861eace6f2", "sha1_hash": "127fc146d12a0a941733074ff17cc11acd85d57f", "sha256_hash": "da417ac9b52d08c29a13d8653b468ca090bc445287519a9d75ad3bb4c7cd704a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_1920.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_256.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_256.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_2560.db.GDCB", "hashes": [ { "md5_hash": "43a53c7ec10033300ac4dd6225d461dd", "sha1_hash": "aa81e45004a30685536ce97b81ed8eae129a6824", "sha256_hash": "9478cb573628c7389b4dfa7ec33661fda7e142437beeafd22ccf0128fa06134a", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_2560.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_32.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_32.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_768.db.GDCB", "hashes": [ { "md5_hash": "600b1818a6d34480d33eea000c277a31", "sha1_hash": "a8743e3dfd5c3262509d3ae3856464d6f692f3fe", "sha256_hash": "a735b431c6ec13c900b4d4228380c0e3170d6674f535ce2618af5ec5af29ba39", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_768.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_96.db.GDCB", "hashes": [ { "md5_hash": "407bc8cee99932182ab3c65f649e911b", "sha1_hash": "9314f15f45b9836e66e95c428ad2c17b844df24d", "sha256_hash": "3e11a32d4553052a05f275d0177301c9ef3dcd50f81061baeb72ab69a508d454", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_96.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_custom_stream.db.GDCB", "hashes": [ { "md5_hash": "3bf9c336a0b4e1c08b6ef5d1c034e92e", "sha1_hash": "6324e7e2fab26c44948155c957bcc8f14832e627", "sha256_hash": "eaa66b36e828fcb060da292973b131d1587838ac907bd8379c77930b569753d0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_exif.db.GDCB", "hashes": [ { "md5_hash": "4112f9db59c9acfc9e186b3e82efb6c6", "sha1_hash": "ff41569ac29d2c673a37689a9a39ef628bfc4351", "sha256_hash": "8c4469c907a7e1d75d3ff2e98773e1d1bf5a9331b540134c8c5066bcbcdda0b0", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_exif.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_sr.db.GDCB", "hashes": [ { "md5_hash": "523e7d518b79763900f2f879fb01e5db", "sha1_hash": "4cde6c7deeaecd552a9c2ccb3c1b04eb28b64b3c", "sha256_hash": "6e2146344d81eac7e438e3a79c3e8d892e81816b64cc2ba095e09a67bfdeb571", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_sr.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_wide.db.GDCB", "hashes": [ { "md5_hash": "949084f7925607a890f972e517df979a", "sha1_hash": "7d3c8ac2a9f453dde15c9c34518c21968e16e71c", "sha256_hash": "5cd60768718bc04e544a1417dfd2f493748e177fc07050be0d83a1e645e4c856", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_wide.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Explorer\\thumbcache_wide_alternate.db.GDCB", "hashes": [ { "md5_hash": "60c61a888f0573147219df1fda475503", "sha1_hash": "4fc116ae89c7ce8776384ce3b787f0738f5f336a", "sha256_hash": "7ec88ab19d21863ad0879619651e617ca84d69095d73c69f401e5d9fdc44d29e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\INetCache\\Low\\SmartScreenCache.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\inetcache\\low\\smartscreencache.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\179e8db5.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\179e8db5.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\1ba49cb8.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\1ba49cb8.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\1f43fcc4.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\1f43fcc4.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\3d12749e.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\3d12749e.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\4929c482.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\4929c482.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\52572b1f.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\52572b1f.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\6b492b11.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\6b492b11.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\7a7d9912.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\7a7d9912.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\7fe97f77.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\7fe97f77.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\9c14e2ad.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\9c14e2ad.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a229ed41.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a229ed41.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a271c2fa.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a271c2fa.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\a2e35824.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\a2e35824.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\cc2f5fc7.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\cc2f5fc7.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\cf6a15d.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\cf6a15d.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\da8e59e.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\da8e59e.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\eae01907.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\eae01907.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f466753.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f466753.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f4b839c7.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f4b839c7.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f67a62c3.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f67a62c3.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f76d6757.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f76d6757.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\f7f275e5.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\f7f275e5.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\fb970b75.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\fb970b75.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Notifications\\wpnidm\\fc14e05c.jpg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\notifications\\wpnidm\\fc14e05c.jpg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1079934665\\2034961148.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1079934665\\2034961148.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1605653898\\4275773285.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1605653898\\4275773285.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\1978304864\\923683402.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\1978304864\\923683402.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2107319684\\2467780804.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2107319684\\2467780804.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\226732975\\2698495915.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\226732975\\2698495915.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2570292521\\231755001.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2570292521\\231755001.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2577507833\\3967450640.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2577507833\\3967450640.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\2646675675\\806068533.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\2646675675\\806068533.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3053798886\\3825186184.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3053798886\\3825186184.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3295484897\\2504515037.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3295484897\\2504515037.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3375042201\\1858609885.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3375042201\\1858609885.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3530508098\\2495906576.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3530508098\\2495906576.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3705566220\\624664733.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3705566220\\624664733.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3779757838\\1034590242.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3779757838\\1034590242.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\3782802250\\2924287686.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\3782802250\\2924287686.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\PRICache\\860568095\\965632691.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\pricache\\860568095\\965632691.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Windows Anytime Upgrade\\Upgrade_dism.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\windows anytime upgrade\\upgrade_dism.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cache2\\index.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\cache2\\index.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\directoryLinks.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\directorylinks.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\OfflineCache\\index.sqlite.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\offlinecache\\index.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.3DBuilder_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.3dbuilder_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.AccountsControl_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.accountscontrol_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Appconnector_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.appconnector_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingFinance_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingfinance_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingNews_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingnews_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingSports_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingsports_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingWeather_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingweather_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BioEnrollment_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bioenrollment_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Getstarted_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.getstarted_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.LockApp_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.lockapp_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.office.onenote_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.People_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.people_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.SkypeApp_kzf8qxf38zg5c\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.skypeapp_kzf8qxf38zg5c\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.vclibs.140.00_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsAlarms_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsalarms_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsFeedback_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsfeedback_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.XboxApp_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.xboxapp_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.ZuneMusic_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.zunemusic_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.ZuneVideo_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.zunevideo_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.ContactSupport_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.contactsupport_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\windows.devicesflow_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.devicesflow_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.MiracastView_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.miracastview_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.PrintDialog_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.printdialog_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.PurchaseDialog_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.purchasedialog_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Service Worker\\Database\\000003.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\service worker\\database\\000003.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\DOMStore\\L8OQST1L\\consent.google[1].xml.GDCB", "hashes": [ { "md5_hash": "f0ba071403c582a7ef9044a4343a8742", "sha1_hash": "11d901255b1978b0f98134993f27ef173e2ee227", "sha256_hash": "c6ce6391a34e4c364caaccf95bc3a233d723caa4826842ca74e003067f7dda99", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\l8oqst1l\\consent.google[1].xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.6917.0607\\images\\onDemandSelectiveSync.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.6917.0607\\images\\ondemandselectivesync.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\checkmark_in_progress.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\checkmark_in_progress.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_documents.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_documents.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\folder_image_pictures.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\folder_image_pictures.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandFilesDehydrate.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandfilesdehydrate.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\17.3.7076.1026\\images\\onDemandSelectiveSync.svg.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\17.3.7076.1026\\images\\ondemandselectivesync.svg.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install-PerUser_2017-05-24_104601_b30-494.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install-peruser_2017-05-24_104601_b30-494.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install-PerUser_2017-07-12_164141_b14-7f0.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install-peruser_2017-07-12_164141_b14-7f0.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install-PerUser_2017-11-10_161058_b2c-b34.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install-peruser_2017-11-10_161058_b2c-b34.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-05-24_104600_528-57c.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-05-24_104600_528-57c.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-07-12_164138_904-4d0.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-07-12_164138_904-4d0.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\Install_2017-11-10_161055_b54-c0c.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\install_2017-11-10_161055_b54-c0c.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-12_164130_2e0-2c8.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-12_164130_2e0-2c8.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-13_111425_fe4-f74.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-13_111425_fe4-f74.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-14_075507_d98-d94.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-14_075507_d98-d94.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-19_092447_b70-3a8.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-19_092447_b70-3a8.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-07-21_115555_e74-e78.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-07-21_115555_e74-e78.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\OneDrive\\setup\\logs\\StandaloneUpdate_2017-11-10_161047_cc8-42c.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\onedrive\\setup\\logs\\standaloneupdate_2017-11-10_161047_cc8-42c.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{219D4102-8477-4DA3-B68D-CBEB50436A31}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{219d4102-8477-4da3-b68d-cbeb50436a31}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{3142F004-AD96-48E4-B756-4D6F73D1B9C8}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{3142f004-ad96-48e4-b756-4d6f73d1b9c8}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{46F14CBA-A8C3-4AB0-8748-F3A8C35622B4}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{46f14cba-a8c3-4ab0-8748-f3a8c35622b4}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{5C217167-4731-4AFD-B181-6274E3DFBF25}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{5c217167-4731-4afd-b181-6274e3dfbf25}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{708686A3-2087-4B70-81FB-7F608AD7F5D4}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{708686a3-2087-4b70-81fb-7f608ad7f5d4}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{A90EDA99-693C-4259-AF53-D06F3BBAEEAB}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{a90eda99-693c-4259-af53-d06f3bbaeeab}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{A95B47FD-465D-4ACE-A006-DCCC9033E6DB}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{a95b47fd-465d-4ace-a006-dccc9033e6db}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{AE613841-F649-4CD7-AF4A-2E7B7D99E12E}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{ae613841-f649-4cd7-af4a-2e7b7d99e12e}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{B5D14E8C-339B-4360-B40C-A274F460B417}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{b5d14e8c-339b-4360-b40c-a274f460b417}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{B6815740-F01E-4E9E-AA05-D3CDE47C3DDC}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{b6815740-f01e-4e9e-aa05-d3cde47c3ddc}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{C20F58C1-CDD0-45F9-9954-BDF0782633CB}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{c20f58c1-cdd0-45f9-9954-bdf0782633cb}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{CE4E71D0-F1F5-4983-B2E3-40DB737B9226}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{ce4e71d0-f1f5-4983-b2e3-40db737b9226}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\ActionCenterCache\\{D1CC3A2E-2BC2-4715-AD4C-90B4CA0868C0}.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\actioncentercache\\{d1cc3a2e-2bc2-4715-ad4c-90b4ca0868c0}.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\MicrosoftEdge\\SharedCacheContainers\\MicrosoftEdge_iecompat\\IECompatData.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoftedge\\sharedcachecontainers\\microsoftedge_iecompat\\iecompatdata.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\OfflineCache\\index.sqlite.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\offlinecache\\index.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.aad.brokerplugin_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.AccountsControl_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.accountscontrol_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Appconnector_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.appconnector_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingFinance_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingfinance_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BingWeather_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bingweather_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.BioEnrollment_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.bioenrollment_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\1143SFPT.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\1143sfpt.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\1HP9XSYA.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\1hp9xsya.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\205ESPV2.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\205espv2.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Y51OCFZ0.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\y51ocfz0.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\edb.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\edb.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftofficehub_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.NET.Native.Framework.1.0_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.net.native.framework.1.0_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.NET.Native.Runtime.1.0_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.net.native.runtime.1.0_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Office.OneNote_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.office.onenote_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.VCLibs.140.00_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.vclibs.140.00_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cloudexperiencehost_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\12\\zinc[1].htm.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\12\\zinc[1].htm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\045d3532[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\045d3532[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\1cc152ef[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\1cc152ef[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\3c99c1b4[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\3c99c1b4[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\3e533cad[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\3e533cad[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\4b55922b[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\4b55922b[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\613fadbe[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\613fadbe[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\69d5af3a[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\69d5af3a[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8590ff3b[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8590ff3b[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8636b4dd[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8636b4dd[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8925e2fd[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8925e2fd[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\916eb510[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\916eb510[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\a282b3bf[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\a282b3bf[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\bb5c331f[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\bb5c331f[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\ca2ffdc0[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\ca2ffdc0[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\e48237f6[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\e48237f6[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\Init[1].htm.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\init[1].htm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\5\\zinc[1].htm.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\5\\zinc[1].htm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\6\\zinc[1].htm.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\6\\zinc[1].htm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCookies\\LVKKMMVN.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\inetcookies\\lvkkmmvn.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\INetCookies\\QX3BSDJD.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\inetcookies\\qx3bsdjd.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb00037.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb00037.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb00038.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb00038.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb00039.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb00039.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb0003A.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb0003a.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb0003B.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb0003b.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edb0003C.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edb0003c.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\edbtmp.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\edbtmp.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AppData\\Indexed DB\\IndexedDB.edb.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\appdata\\indexed db\\indexeddb.edb.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.parentalcontrols_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite-shm.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite-shm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\LocalState\\MediaDb.v1.sqlite-wal.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\localstate\\mediadb.v1.sqlite-wal.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Photos_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.photos_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsAlarms_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsalarms_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsCalculator_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscalculator_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsCamera_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscamera_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsFeedback_cw5n1h2txyewy\\LocalState\\_sessionState.xml.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsfeedback_cw5n1h2txyewy\\localstate\\_sessionstate.xml.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsFeedback_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsfeedback_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsMaps_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsmaps_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsPhone_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsphone_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowssoundrecorder_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsStore_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsstore_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.xboxgamecallableui_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.xboxidentityprovider_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.ContactSupport_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.contactsupport_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\windows.immersivecontrolpanel_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.immersivecontrolpanel_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Windows.PurchaseDialog_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\windows.purchasedialog_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\128.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\eventpage_bin_prod.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\page_embed_script.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_1\\page_embed_script.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\128.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pjkljhegncpnkpknbcohdijeoejaedia\\8.1_0\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\angular.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\common.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.css.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\feedback.html.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\5817.313.0.5_0\\manifest.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.com_0.indexeddb.leveldb\\000003.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.com_0.indexeddb.leveldb\\000003.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\IndexedDB\\https_www.google.de_0.indexeddb.leveldb\\000003.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\indexeddb\\https_www.google.de_0.indexeddb.leveldb\\000003.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Internet Explorer\\Recovery\\Last Active\\{DAB3814F-C5D5-11E7-9BDA-C40142ECDE47}.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\recovery\\last active\\{dab3814f-c5d5-11e7-9bda-c40142ecde47}.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{2546D910-B905-4D30-88C9-B63C603DA134}.3.ver0x0000000000000001.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{2546d910-b905-4d30-88c9-b63c603da134}.3.ver0x0000000000000001.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000033.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000033.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000034.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000034.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.1.ver0x0000000000000035.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{3da71d5a-20cc-432f-a115-dfe92379e91f}.1.ver0x0000000000000035.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000012.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000012.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Microsoft\\Windows\\Caches\\{AFBF9F1A-8EE8-4C77-AF34-C647E37CA0D9}.1.ver0x0000000000000013.db.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\caches\\{afbf9f1a-8ee8-4c77-af34-c647e37ca0d9}.1.ver0x0000000000000013.db.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\0e292d2be40784b709a96299f7f56c4c.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\0e292d2be40784b709a96299f7f56c4c.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\28c9257769b2913b70283ca4759e2034.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\28c9257769b2913b70283ca4759e2034.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\2bf8db03609478000e25532b94a93e81.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\2bf8db03609478000e25532b94a93e81.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\5d432dc88d56856d87faecfa9b48853b.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\5d432dc88d56856d87faecfa9b48853b.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\77ec32dc2bee35c0b759503a76ed5b66.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\77ec32dc2bee35c0b759503a76ed5b66.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\b6dc1948244e7e4562c9356a0052d7af.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\b6dc1948244e7e4562c9356a0052d7af.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\thumbnails\\e214427ea25af5774381fe2c2582382e.png.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\mozilla\\firefox\\profiles\\8i341t8m.default\\thumbnails\\e214427ea25af5774381fe2c2582382e.png.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\Microsoft\\Windows\\1605653898\\4275773285.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoft\\windows\\1605653898\\4275773285.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\1ZJA02JO.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\1zja02jo.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\268TPJIA.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\268tpjia.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\6KWA3R8C.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\6kwa3r8c.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\85DGK2J5.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\85dgk2j5.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\FPNDV7T3.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\fpndv7t3.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\J9KFLZDX.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\j9kflzdx.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\JN00AKV9.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\jn00akv9.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\OR8K8VRM.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\or8k8vrm.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\TK0LXHBL.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\tk0lxhbl.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\VC62GJSF.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\vc62gjsf.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!001\\MicrosoftEdge\\Cookies\\VSMDVD55.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!001\\microsoftedge\\cookies\\vsmdvd55.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\51TU1403.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\51tu1403.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\5GJKP08H.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\5gjkp08h.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\6NQ9V8CD.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\6nq9v8cd.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\JZ1UUUP9.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\jz1uuup9.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\KW0ULAFV.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\kw0ulafv.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\SW6Z4AI1.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\sw6z4ai1.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\TU6XBKFE.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\tu6xbkfe.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\#!002\\MicrosoftEdge\\Cookies\\U9PT9V3Q.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\#!002\\microsoftedge\\cookies\\u9pt9v3q.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\Microsoft\\Windows\\1605653898\\4275773285.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoft\\windows\\1605653898\\4275773285.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\1143SFPT.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\1143sfpt.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\1HP9XSYA.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\1hp9xsya.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\205ESPV2.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\205espv2.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\Cookies\\Y51OCFZ0.txt.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cookies\\y51ocfz0.txt.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\CortanaAssist\\AllowList.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\cortanaassist\\allowlist.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AC\\MicrosoftEdge\\User\\Default\\DomainSuggestions\\en-US.1.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\ac\\microsoftedge\\user\\default\\domainsuggestions\\en-us.1.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\edb.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\edb.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\edbtmp.log.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\edbtmp.log.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\\AppData\\User\\Default\\Indexed DB\\IndexedDB.edb.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftedge_8wekyb3d8bbwe\\appdata\\user\\default\\indexed db\\indexeddb.edb.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.microsoftsolitairecollection_8wekyb3d8bbwe\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.assignedaccesslockapp_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\\Settings\\settings.dat.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\\settings\\settings.dat.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\12\\zinc[1].htm.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\12\\zinc[1].htm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\045d3532[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\045d3532[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\09b80652[1].css.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\09b80652[1].css.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\1cc152ef[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\1cc152ef[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\3c99c1b4[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\3c99c1b4[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\3e533cad[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\3e533cad[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\4b55922b[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\4b55922b[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\613fadbe[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\613fadbe[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\69d5af3a[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\69d5af3a[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8590ff3b[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8590ff3b[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8636b4dd[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8636b4dd[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\8925e2fd[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\8925e2fd[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\916eb510[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\916eb510[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\a282b3bf[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\a282b3bf[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\bb5c331f[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\bb5c331f[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\ca2ffdc0[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\ca2ffdc0[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\d5ac23a7[1].css.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\d5ac23a7[1].css.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\e48237f6[1].js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\e48237f6[1].js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\e994e448[1].css.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\e994e448[1].css.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\efcb0cd5[1].css.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\efcb0cd5[1].css.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\f544a93b[1].css.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\f544a93b[1].css.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\15\\Init[1].htm.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\15\\init[1].htm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\5\\zinc[1].htm.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\5\\zinc[1].htm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\AppCache\\R1UTJCT7\\6\\zinc[1].htm.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\appcache\\r1utjct7\\6\\zinc[1].htm.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.Windows.Cortana_cw5n1h2txyewy\\AC\\Microsoft\\Windows\\3530508098\\2495906576.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windows.cortana_cw5n1h2txyewy\\ac\\microsoft\\windows\\3530508098\\2495906576.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Packages\\Microsoft.WindowsFeedback_cw5n1h2txyewy\\AC\\Microsoft\\Windows\\3375042201\\1858609885.pri.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\packages\\microsoft.windowsfeedback_cw5n1h2txyewy\\ac\\microsoft\\windows\\3375042201\\1858609885.pri.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_gb\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_us\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_br\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_pt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_cn\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_tw\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_gb\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_us\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_br\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_pt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_cn\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_tw\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_gb\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_us\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_br\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_pt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_cn\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_tw\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_br\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_pt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_cn\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_tw\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_gb\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_us\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_br\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_pt\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_cn\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_tw\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dashersettingschema.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_gb\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_us\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.GDCB", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json.gdcb", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\Local\\Application Data\\Application Data\\Application Data\\Application Data\\Application Data\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\google\\chrome\\user data\\default\\extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json", "operations": [ "access" ], "type": "file_artifact", "version": 1 }, { "filename": "C:\\Documents and Settings\\CIiHmnxMn6Ps\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\DOMStore\\JUKMMX7P\\secure-ds.serving-sys[1].xml", "hashes": [], "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\jukmmx7p\\secure-ds.serving-sys[1].xml", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [ { "ip_address": "101.226.79.205", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "112.90.141.215", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [ { "mutex_name": "Global\\pc_group=WORKGROUP&ransom_id=dce1bb8bd2ca4def", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 }, { "mutex_name": "firefox browser", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [ { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\services\\Tcpip\\Parameters", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Control Panel\\International", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Keyboard Layout\\Preload", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows NT\\DNSClient", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Wbem\\CIMOM", "type": "registry_artifact", "version": 1 }, { "operations": [ "access" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 }, { "operations": [ "access", "read" ], "reg_key_name": "HKEY_CURRENT_USER\\Software\\Microsoft\\Command Processor", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [ { "operations": "GET", "type": "url_artifact", "url": "ipv4bot.whatismyipaddress.com/", "version": 1 }, { "operations": "POST", "type": "url_artifact", "url": "78.155.206.6/curl.php?token=1019", "version": 1 } ], "version": 1 }, "extracted_files": [ { "archive_path": "extracted_files/93dd44a5f16cedd2f4793bd8b9a19523d49fc9e8", "file_type": "created_file", "id": "file_2", "md5_hash": "2548e6fc9eb17e55d22dcfb4bf27212d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\tubcvd.exe", "sha1_hash": "93dd44a5f16cedd2f4793bd8b9a19523d49fc9e8", "sha256_hash": "5d53050a1509bcc9d97552fa52c1105b51967f4ccf2bde717b502605db1b5011", "size": 131584, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_4", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_5", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\$recycle.bin\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_6", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\$recycle.bin\\s-1-5-18\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_7", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\$recycle.bin\\s-1-5-21-1462094071-1423818996-289466292-1000\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_8", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_9", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\bg-bg\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_10", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\cs-cz\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_11", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\da-dk\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_12", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\de-de\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_13", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\el-gr\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_14", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\en-gb\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_15", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\en-us\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_16", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\es-es\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_17", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\es-mx\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_18", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\et-ee\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_19", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\fi-fi\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_20", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\fonts\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_21", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\fr-ca\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_22", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\fr-fr\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_23", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\hr-hr\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_24", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\hu-hu\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_25", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\it-it\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_26", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\ja-jp\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_27", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\ko-kr\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_28", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\lt-lt\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_29", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\lv-lv\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_30", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\nb-no\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_31", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\nl-nl\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_32", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\pl-pl\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_33", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\pt-br\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_34", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\pt-pt\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_35", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\qps-ploc\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_36", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\resources\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_37", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\resources\\en-us\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_38", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\ro-ro\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_39", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\ru-ru\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_40", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\sk-sk\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_41", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\sl-si\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_42", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\sr-latn-cs\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_43", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\sr-latn-rs\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_44", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\sv-se\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_45", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\tr-tr\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_46", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\uk-ua\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_47", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\zh-cn\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_48", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\zh-hk\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_49", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\boot\\zh-tw\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_50", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_51", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\perflogs\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_52", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\recovery\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_53", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\recovery\\windowsre\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_56", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_57", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_58", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_69", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_70", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_71", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_72", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\collab\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_73", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\forms\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_74", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\jscache\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_75", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\security\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_76", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\acrobat\\dc\\security\\crlcache\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_77", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\flash player\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_78", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\flash player\\assetcache\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_79", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\flash player\\assetcache\\nahqnpmn\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_80", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\flash player\\nativecache\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_81", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\headlights\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_82", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\linguistics\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_83", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_84", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_91", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\sonar\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_92", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\sonar\\sonar1.0\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_101", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\identities\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_102", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\identities\\{ca8ca1bb-f2a6-4e9c-b7cc-fb56671763e8}\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_115", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_116", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_117", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_118", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\#sharedobjects\\dqqhjz8c\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_119", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_120", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_121", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_122", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\macromedia\\flash player\\macromedia.com\\support\\flashplayer\\sys\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_123", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_124", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\addins\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_125", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\bibliography\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_126", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\bibliography\\style\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_127", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\credentials\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_128", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\crypto\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_129", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\crypto\\rsa\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_130", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-1462094071-1423818996-289466292-1000\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_131", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_132", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\1033\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_133", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_136", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\excel\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_137", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\excel\\xlstart\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_138", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_139", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_140", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_141", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\implicitappshortcuts\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_142", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\quick launch\\user pinned\\taskbar\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_143", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_144", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\internet explorer\\userdata\\low\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_145", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\mmc\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_146", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\ms project\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_147", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\ms project\\16\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_148", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\ms project\\16\\en-us\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_149", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\network\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_150", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\network\\connections\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_151", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_152", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\network\\connections\\pbk\\_hiddenpbk\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_153", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\office\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_154", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\office\\recent\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_157", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\onenote\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_158", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\onenote\\16.0\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_161", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_166", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\powerpoint\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_167", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\proof\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_168", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\protect\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_169", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\protect\\s-1-5-21-1462094071-1423818996-289466292-1000\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_170", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\speech\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_171", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_172", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_173", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_174", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_175", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_176", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_183", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_184", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_185", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_186", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_187", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\document themes\\1033\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_188", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_189", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\managed\\smartart graphics\\1033\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_190", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_191", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\document themes\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_192", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\document themes\\1033\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_193", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\smartart graphics\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_194", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\livecontent\\16\\user\\smartart graphics\\1033\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_205", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\uproof\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_206", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\vault\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_207", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_208", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\accountpictures\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_209", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\libraries\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_210", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\network shortcuts\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_211", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\printer shortcuts\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_212", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\recent\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_213", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\recent\\automaticdestinations\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_214", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\recent\\customdestinations\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_215", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\sendto\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_216", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_217", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_218", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessibility\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_219", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\accessories\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_220", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\administrative tools\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_221", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\maintenance\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_222", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_223", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\system tools\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_224", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\windows powershell\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_225", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\templates\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_226", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_227", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_230", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\word\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_237", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_238", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\extensions\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_239", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_240", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\crash reports\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_241", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\crash reports\\events\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_242", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_243", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_254", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\bookmarkbackups\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_265", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\crashes\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_266", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\crashes\\events\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_267", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_268", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_269", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\archived\\2017-05\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_280", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_281", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp\\winnt_x86-msvc\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_282", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_283", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_286", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_287", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_296", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\minidumps\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_307", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\saved-telemetry-pings\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_312", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore-backups\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_319", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_320", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_321", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_322", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_323", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.files\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_326", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_327", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_328", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.files\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_329", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.files\\journals\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_394", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_395", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_396", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_397", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_398", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\cache\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_403", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\toolssearchcacherdr\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_406", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_407", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_408", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_409", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_410", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cache\\cache\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_411", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrocef\\dc\\acrobat\\cookie\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_412", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\color\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_413", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\color\\profiles\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_425", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\cef\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_426", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\cef\\user data\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_427", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\comms\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_428", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\comms\\temp\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_431", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\comms\\unistore\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_432", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\comms\\unistoredb\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_433", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_434", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\google\\chrome\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_435", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\history\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_436", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\history\\low\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_437", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_438", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\clr_v2.0\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_439", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\clr_v4.0\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_440", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\feeds\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_441", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\forms\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_442", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\gamedvr\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_443", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\office\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/62396f13c1b0faaaec77a52a959100ac8552e65d", "file_type": "created_file", "id": "file_444", "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\onedrive\\gdcb-decrypt.txt", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "size": 2774, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a436612cd0a6b71203adee2ec4c54e57100198ca", "file_type": "created_file", "id": "file_55", "md5_hash": "b54a23c3a7b39a79fac497dc373bbd78", "norm_filename": "c:\\recovery\\windowsre\\reagent.xml.gdcb", "sha1_hash": "a436612cd0a6b71203adee2ec4c54e57100198ca", "sha256_hash": "e49227c9eca563bc13f73bbd8c27231be8720a3793531e14547944851886513d", "size": 1584, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/771bd564cb340ab471a52d5bdd9cabca2cca3be1", "file_type": "created_file", "id": "file_60", "md5_hash": "0f1459dde60a316ff823e5d139c35369", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\004-sn-0z5c.wav.gdcb", "sha1_hash": "771bd564cb340ab471a52d5bdd9cabca2cca3be1", "sha256_hash": "9f8bfa505d1427cf2580717fb15df2e836367faa754bff27b2c967989d6f8985", "size": 56560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0ee384ce272d390e882f951f253fd9d2fe0c810f", "file_type": "created_file", "id": "file_62", "md5_hash": "c985de94f816b08c703d1e8d93f38deb", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\1wmqlmoja01-ep.gif.gdcb", "sha1_hash": "0ee384ce272d390e882f951f253fd9d2fe0c810f", "sha256_hash": "0f4865b1175da7e03fdb6f4987e1f68cdcef4b67e8f60fb8e30b3deea9963810", "size": 4608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac7e41be580eab8ddaedc3088ac224da241df886", "file_type": "created_file", "id": "file_64", "md5_hash": "abff62fdf29c0c95ac6844262ab0d021", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\4sctkxf.ots.gdcb", "sha1_hash": "ac7e41be580eab8ddaedc3088ac224da241df886", "sha256_hash": "729c5213b77c8ca608f8029cc8b342ac3c7de3ca614d851e43ed86f987f89545", "size": 6416, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac4277e0ac06f1c5bdb8b71ad3d34c3f287dddf5", "file_type": "created_file", "id": "file_66", "md5_hash": "73cf5cc0544c3516cf1336480a2916a5", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\6ttfnwvzd3wr1.wav.gdcb", "sha1_hash": "ac4277e0ac06f1c5bdb8b71ad3d34c3f287dddf5", "sha256_hash": "0c3ba80c00a2f1b7df032bd62d17281a5597a3a5414325feeba810e16618bff6", "size": 98000, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/735a08f05a58a7dc91196e380cfa32270ad1384e", "file_type": "created_file", "id": "file_68", "md5_hash": "ee9242e408267dfad7b630abd510826f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\8mu6pxfxklxwxfc.m4a.gdcb", "sha1_hash": "735a08f05a58a7dc91196e380cfa32270ad1384e", "sha256_hash": "3337830f27794128aae98c9549e4423d880f86358ea4684f0fb6f284350871f8", "size": 29744, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0b7883ceaf8b1b241054c889cd4ac4fa6090d54d", "file_type": "created_file", "id": "file_86", "md5_hash": "e9a8880e462c8674dace0cb09394f7c1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_00209595-b6ba-4fa7-88b0-97083d4c2159_0.log.gdcb", "sha1_hash": "0b7883ceaf8b1b241054c889cd4ac4fa6090d54d", "sha256_hash": "bdeb8a73af6dbb1f3916252969669a1a5eb79c1536cd215770d6954ca563ed2e", "size": 1936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7345966c786336a8958b252471e50f15c02deb49", "file_type": "created_file", "id": "file_88", "md5_hash": "49e7890b98e4442c515ccc9b49868c23", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_56653bcd-022e-4023-b1f6-9926fada0024_0.log.gdcb", "sha1_hash": "7345966c786336a8958b252471e50f15c02deb49", "sha256_hash": "1214c9d673d0ddf85d399eebcfb9e253b3b9cab58d8b4633c19883d36e808a12", "size": 1744, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/af0df73951537463b1487d42a99e27d7300262cd", "file_type": "created_file", "id": "file_90", "md5_hash": "d8cdf288e13aadb2ce14a68a669f630a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logtransport2.cfg.gdcb", "sha1_hash": "af0df73951537463b1487d42a99e27d7300262cd", "sha256_hash": "31e88e523d65f182fb89bb2a06530a1e5403047db3e4fff4320a3a30832aaf5b", "size": 752, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d217de833b350ab50ba97c238cbcc18704859f29", "file_type": "created_file", "id": "file_94", "md5_hash": "0c27e5c8b0aa653b07acefc50652d175", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\sonar\\sonar1.0\\sonar_policy.xml.gdcb", "sha1_hash": "d217de833b350ab50ba97c238cbcc18704859f29", "sha256_hash": "e0674cc38b38e8e3d90037c5708061d4af4e9ec1f5a637d1cdaf8d042fe172c6", "size": 19296, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8bc8db3d2e1665627517a438f14b10d456189d71", "file_type": "created_file", "id": "file_96", "md5_hash": "18e9c822299394be54340564c9495fb9", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\cztjlrmt.bmp.gdcb", "sha1_hash": "8bc8db3d2e1665627517a438f14b10d456189d71", "sha256_hash": "89962cf39be2b75f7426d6587173960e24133af7634ee946681f7809d5ce980b", "size": 88512, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/513a365e82651b25951bc673a31a92c69cbb149f", "file_type": "created_file", "id": "file_98", "md5_hash": "4fd8b71eb547e80a511dea90be2d937e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\exocxblrlmurhv.gif.gdcb", "sha1_hash": "513a365e82651b25951bc673a31a92c69cbb149f", "sha256_hash": "41a0166c378b2e435300c9445ad20385da33592f6aae8b4f083de3118104a9ad", "size": 77328, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8c8812203e8f54e2bcd491ce29ccdfb8ff0efbb7", "file_type": "created_file", "id": "file_100", "md5_hash": "33fdf31ed083a84ce2717ffb862ae2e0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\fcmh0q4.bmp.gdcb", "sha1_hash": "8c8812203e8f54e2bcd491ce29ccdfb8ff0efbb7", "sha256_hash": "b43655c0d7d972ee2bf316f757c05f9acd99809c4d730bc6ed99ddb92f77f871", "size": 42320, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/56e9635f12557abb4b74e6765c41a97aee797d94", "file_type": "created_file", "id": "file_104", "md5_hash": "0ddfd813a62431944e9b86bc00b0c1e3", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\imbmboer.ppt.gdcb", "sha1_hash": "56e9635f12557abb4b74e6765c41a97aee797d94", "sha256_hash": "5e2349f3cfc00d0623f1168d723ea63d9e371b6ae4496bd2c88f930b19526e08", "size": 15744, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/87b0ce6ba99aab6f95d4e42a442ec6091a1f3287", "file_type": "created_file", "id": "file_106", "md5_hash": "f84242aad257414c6299394eaef94f9c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ixwxy.png.gdcb", "sha1_hash": "87b0ce6ba99aab6f95d4e42a442ec6091a1f3287", "sha256_hash": "848fb7439563b074c3cafd736a079171778af3d77dc4ec1dd37c2e308ad62da8", "size": 36976, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a0158afe4f3177fb8c838b46da76c89a637f17b6", "file_type": "created_file", "id": "file_108", "md5_hash": "b5415449808e3c6932f4f94d1761bb37", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\jxoh-eft2nw-t9x.wav.gdcb", "sha1_hash": "a0158afe4f3177fb8c838b46da76c89a637f17b6", "sha256_hash": "2a12c5c57bddc771133012588410bd27b00e5c5aa4f38e08d77805b17b9be816", "size": 27008, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/80a1751c44bf254cdc45a879f337048120065548", "file_type": "created_file", "id": "file_110", "md5_hash": "1a47edbd8f8d1889567df663c75e238f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ldeazaydq h9.jpg.gdcb", "sha1_hash": "80a1751c44bf254cdc45a879f337048120065548", "sha256_hash": "db8c32bdd3d523dd3327bc56d93e63a74f7be65c3f926cc96b9d18e33832e6ff", "size": 68960, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/40b02c8e732ea82fd2055347bb2510eb73049ebe", "file_type": "created_file", "id": "file_112", "md5_hash": "939b6ecc6f0aa446c5299714281818cf", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lsi0fbp1d3.flv.gdcb", "sha1_hash": "40b02c8e732ea82fd2055347bb2510eb73049ebe", "sha256_hash": "32791fd4f7b088308114afd699eb68b8a2adbbae87390a71d3729fa503202ebb", "size": 57216, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1e186a019d9f1206dcc31664ccf280f05673e55c", "file_type": "created_file", "id": "file_114", "md5_hash": "332b91fdf7f7aeba767b44d868a765b9", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lxrxkbm2nnswbbwwbk42.mp4.gdcb", "sha1_hash": "1e186a019d9f1206dcc31664ccf280f05673e55c", "sha256_hash": "0b92c0b6c77f30eab7f9ad126587ad43ae31dcd64cf5de5792cdf783991bfa62", "size": 98880, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6a56eafd259c03d9038640e65c04e06c777a6918", "file_type": "created_file", "id": "file_135", "md5_hash": "8e8c7452e491075de50f5e9a84a2905f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx.gdcb", "sha1_hash": "6a56eafd259c03d9038640e65c04e06c777a6918", "sha256_hash": "98f04c9c24889b943e54bed16be1c26ac46df40e5618e9b8fe57af8b441dd8ab", "size": 3706592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f1116dc673d7f32d1d5e727f08c18e3be3a9e6be", "file_type": "created_file", "id": "file_156", "md5_hash": "17dad9f4045de6bceb1598659d4c8c5a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\office\\recent\\index.dat.gdcb", "sha1_hash": "f1116dc673d7f32d1d5e727f08c18e3be3a9e6be", "sha256_hash": "5e325548acad4849cc825bb073774b29004488bce2942e5f47d36b0d071d9bb2", "size": 592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d60250ead57dd4dd0d711191546713fe55a6e40d", "file_type": "created_file", "id": "file_160", "md5_hash": "60933f9f1dd6608884f46526bfcc62f2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\onenote\\16.0\\preferences.dat.gdcb", "sha1_hash": "d60250ead57dd4dd0d711191546713fe55a6e40d", "sha256_hash": "9ecc1aa70a74f8f3fb3a94b4e4529d55b4d9bb5701058c2dbf9e6f9f373afa7e", "size": 5712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9c7c9b74a28b541ab43a08797d5a7ce1b19238a5", "file_type": "created_file", "id": "file_163", "md5_hash": "4f1121df7817b939d28f8853a82910b9", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.srs.gdcb", "sha1_hash": "9c7c9b74a28b541ab43a08797d5a7ce1b19238a5", "sha256_hash": "380a1f0a103ed3ded033a0759cd64e3007792e094f58ee01e6f46cfcf1d16624", "size": 3088, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/223ff832d6bd7ef200da2fc1669a2e2770355f63", "file_type": "created_file", "id": "file_165", "md5_hash": "96d99e275adaad30e6e1d1c79a424e8d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.xml.gdcb", "sha1_hash": "223ff832d6bd7ef200da2fc1669a2e2770355f63", "sha256_hash": "b08df0b6489862834b419808312bb6b5b06bdca4604344a9a201a629d882550c", "size": 2928, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a5f7bdbae0f3bbfc5f8005b13c6bd38fb22bc3c8", "file_type": "created_file", "id": "file_178", "md5_hash": "9ace8d3f5804bec2bf33322bbd7634f2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\calendar insights.xltm.gdcb", "sha1_hash": "a5f7bdbae0f3bbfc5f8005b13c6bd38fb22bc3c8", "sha256_hash": "9a745102c9d7ffa9789062f6a95a6c62ac685971c15c072a0afce0c355cb6cca", "size": 914816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4bbbf4874ac53fd766f33e21a89112c9a312d646", "file_type": "created_file", "id": "file_180", "md5_hash": "f4f0fae8060d4b08ae97df8fbcbc778a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\cashflow analysis.xltm.gdcb", "sha1_hash": "4bbbf4874ac53fd766f33e21a89112c9a312d646", "sha256_hash": "fce588c4aa8dad0103095bec57de759262ad9375eec73cdb1d4f59fcc392663c", "size": 380544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/25ed003799a398df182d45e21bbce9581e5ffbd1", "file_type": "created_file", "id": "file_182", "md5_hash": "8d95a48beceba8f02826bc19d41d757b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\email insights.xltm.gdcb", "sha1_hash": "25ed003799a398df182d45e21bbce9581e5ffbd1", "sha256_hash": "dbe9e6b516890cc3fff90caabf3406974ba8ca0bdef492a7138b354860e4fae7", "size": 738608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d2eef073cfe342424dc5037aaf80a9053d856c48", "file_type": "created_file", "id": "file_196", "md5_hash": "a1f1d47ce549e3030af0fc7ebbf1ddf4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\normal.dotm.gdcb", "sha1_hash": "d2eef073cfe342424dc5037aaf80a9053d856c48", "sha256_hash": "69560b53a62f017be4dadda81b79f7dba384f6490bb5d89ac254025c73babf0e", "size": 19584, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9b1d3550bf89fc2d0a150f65b08e60d23bf7d68f", "file_type": "created_file", "id": "file_198", "md5_hash": "4125923df0d5c4f8c5f8fbe6d953f890", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for basic flowchart.xltx.gdcb", "sha1_hash": "9b1d3550bf89fc2d0a150f65b08e60d23bf7d68f", "sha256_hash": "845e7fae5297ef9160843a26088ade29b34791d1519c009e5c138b9d09550015", "size": 110480, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/401063e54ac2fca064d0d62d5508936da4353ce6", "file_type": "created_file", "id": "file_200", "md5_hash": "06be6a0f948f33e4925148ac17e57a7a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for cross-functional flowchart.xltx.gdcb", "sha1_hash": "401063e54ac2fca064d0d62d5508936da4353ce6", "sha256_hash": "467b8d5fb7efee0fee5eb90b0b376d01b47ce3449f0806bd23258b9d4b4040a7", "size": 145264, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/754bae77c4fbde31bbf4f9cd7f01522a923a1b10", "file_type": "created_file", "id": "file_202", "md5_hash": "47157eb06e51d5598d4e50d3ffdce68c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\stock symbols comparison.xltm.gdcb", "sha1_hash": "754bae77c4fbde31bbf4f9cd7f01522a923a1b10", "sha256_hash": "000bf1b2ffae653fc0165337f881adb2bf84dce78848b89740d892e5c62e5075", "size": 1459616, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6ec7ee5763c5da5388cc640811d7719cb3d74c66", "file_type": "created_file", "id": "file_204", "md5_hash": "e855d4238bfb403c0e8a9a8ce692374d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\welcome to excel.xltx.gdcb", "sha1_hash": "6ec7ee5763c5da5388cc640811d7719cb3d74c66", "sha256_hash": "7bb0213fbe8377d4a2ad86fb472f7348c3327bead9afd7b7c7a103d2317f2709", "size": 495280, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/34f5af6657e94adf4abb54bdc7033d7498ba1020", "file_type": "created_file", "id": "file_229", "md5_hash": "928f5eddd1ad2f0d337d43e0255ac530", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg.gdcb", "sha1_hash": "34f5af6657e94adf4abb54bdc7033d7498ba1020", "sha256_hash": "c7e3a962018b3fe78fd6992cba2e16db651ffad02d178b1aa453cda36c94100f", "size": 75936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/55494dbf28e2c893ddbf05315376a48e9042cc8b", "file_type": "created_file", "id": "file_232", "md5_hash": "1a5c5b11fb72d3f1a229d3502ee42617", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mj7j-r46l5.pptx.gdcb", "sha1_hash": "55494dbf28e2c893ddbf05315376a48e9042cc8b", "sha256_hash": "e98a3429769c1c5e7c25bdfe73bf05b48de0ded074257393d762a5b6d0555b8a", "size": 47872, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d57943b008b3cdccec058f84199cfd83da2959d5", "file_type": "created_file", "id": "file_234", "md5_hash": "5d41e1436cb152465ca01f00ef2e86ba", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mldkkprkrb.mkv.gdcb", "sha1_hash": "d57943b008b3cdccec058f84199cfd83da2959d5", "sha256_hash": "803550b48b231e0d3a8857c12e93eb9adba2dcdd59dd1388ceaaa52850da90f3", "size": 23760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/63a856991bfd691bff8ee577668c09504ad4f460", "file_type": "created_file", "id": "file_236", "md5_hash": "2a49933dba48b24d252de021e4413c12", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mmsanu.wav.gdcb", "sha1_hash": "63a856991bfd691bff8ee577668c09504ad4f460", "sha256_hash": "67dd7bf30a073152cd6c49d9576c0e61ad49ee2c6cc73e098f9d45814786a201", "size": 73536, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f94ad6ebc41a5518eeb48b683896ca132753a07b", "file_type": "created_file", "id": "file_245", "md5_hash": "63368ee730c3a277e09a80617cbd5e38", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\addons.json.gdcb", "sha1_hash": "f94ad6ebc41a5518eeb48b683896ca132753a07b", "sha256_hash": "9d9b1f87ce8404f1c281d58a3e4f48c97c5f53e197c9dcf91a07095e86bffefd", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a610ac512fbd42c8bf0c937353c73126d7cfc86b", "file_type": "created_file", "id": "file_247", "md5_hash": "95e6ddee73cb0be4cacbdf0c5e64c3bf", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-addons.json.gdcb", "sha1_hash": "a610ac512fbd42c8bf0c937353c73126d7cfc86b", "sha256_hash": "0a9c87662454702d945325d4cd48ca883193dc964cbe3774f4e2cb5805d68405", "size": 460832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/67bc366aef9829e1d1a6874733fce749848d2db2", "file_type": "created_file", "id": "file_249", "md5_hash": "18c18310a1a4b578b24ab7ee03225b37", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-gfx.json.gdcb", "sha1_hash": "67bc366aef9829e1d1a6874733fce749848d2db2", "sha256_hash": "963b33dbe8ac26086924d94d1d02b72b5e84247b365c152de45855aebab3cf86", "size": 28496, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d62a36592e1c94125f35ea92ba1c5a0ba8958e0f", "file_type": "created_file", "id": "file_251", "md5_hash": "3c4ba43c591d9a995a4e14849e15213f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-plugins.json.gdcb", "sha1_hash": "d62a36592e1c94125f35ea92ba1c5a0ba8958e0f", "sha256_hash": "aae79e221d6bc7dd501e061dd79541549be7165c14a27ae96319c9a1f267ef86", "size": 201936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cbd0f640b7f5804c895cf543ed8ffe41f9c0fa0c", "file_type": "created_file", "id": "file_253", "md5_hash": "b42b628d5dca2a4c49434b6a03522809", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist.xml.gdcb", "sha1_hash": "cbd0f640b7f5804c895cf543ed8ffe41f9c0fa0c", "sha256_hash": "e14c1f0a75916f47f02d9f55f8107cb2c831bf6db11efa35bf69d1429744427d", "size": 258480, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c1558a6fd950db3d38afb6e700a4ab3caa7c1f70", "file_type": "created_file", "id": "file_256", "md5_hash": "613a30081b1b9ada852e29802a034ed2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cert8.db.gdcb", "sha1_hash": "c1558a6fd950db3d38afb6e700a4ab3caa7c1f70", "sha256_hash": "f54950d4b656f6c0b8846bb7047a674992f36cfb74feaffcbd9358861e440642", "size": 98832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f8b0868bb023bba1f9abaaa64f7dcbeeff6a7a7b", "file_type": "created_file", "id": "file_258", "md5_hash": "2a3c3b66601c50e814b219717edf86aa", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\compatibility.ini.gdcb", "sha1_hash": "f8b0868bb023bba1f9abaaa64f7dcbeeff6a7a7b", "sha256_hash": "6272ad9b4882b06d8a5a652ea5abd52fe3fbc4e799a030a262cc65906cf10ba9", "size": 736, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/278c9a3ffda0cde9caa393614b2d4dbf16a789eb", "file_type": "created_file", "id": "file_260", "md5_hash": "b47b6db7d02994ee9f6bf90c1d2e3f5a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\containers.json.gdcb", "sha1_hash": "278c9a3ffda0cde9caa393614b2d4dbf16a789eb", "sha256_hash": "ddc48214681a881253769f711fe50152ac977857e330e209e150e69bc467a4a6", "size": 1344, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eb3e164e64150a19f969534a0e2b1bf95ea0b6ea", "file_type": "created_file", "id": "file_262", "md5_hash": "f35e400158ea44277e5a8bb7c1a485fd", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\content-prefs.sqlite.gdcb", "sha1_hash": "eb3e164e64150a19f969534a0e2b1bf95ea0b6ea", "sha256_hash": "693709460fbc64459a073c75b7884154e8d8ad3167bc9cb72862a20421a3820e", "size": 229904, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b7fab54eafe8660767e4a2dcc11ad89c10acb231", "file_type": "created_file", "id": "file_264", "md5_hash": "4864d87fd4fafa8706618691582d50eb", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cookies.sqlite.gdcb", "sha1_hash": "b7fab54eafe8660767e4a2dcc11ad89c10acb231", "sha256_hash": "37aaf1db4f046763e91f881840cdca0454bb317906fa2394a42cdae2d07f233c", "size": 524816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/383de7459c1c35baf6beb7e7e6e4f165185a4395", "file_type": "created_file", "id": "file_271", "md5_hash": "7c081fc791cf3be85b4e2dafe3aab389", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\session-state.json.gdcb", "sha1_hash": "383de7459c1c35baf6beb7e7e6e4f165185a4395", "sha256_hash": "dff105a193540e215cdafbc559d7cec184f9f50d942ada29dcf763bb51d00597", "size": 672, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b29ac0b83eb704bba13d503577684c047d506bac", "file_type": "created_file", "id": "file_273", "md5_hash": "de383ebb4d7ac5e53d6a9e1ef7e7429a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\state.json.gdcb", "sha1_hash": "b29ac0b83eb704bba13d503577684c047d506bac", "sha256_hash": "fa423e9f4c4ad6755daad03d9927de43db5f2a62376834db23f4fdef0a26ad4e", "size": 592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1655556dbcc057caaf173dbdf8b7aa8759b86cad", "file_type": "created_file", "id": "file_275", "md5_hash": "1158e7c90296ec9bf67c228d6f3c82f3", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.ini.gdcb", "sha1_hash": "1655556dbcc057caaf173dbdf8b7aa8759b86cad", "sha256_hash": "c676704ab822a77ae4638152c45d22798310b7591864f62771d0a344103fd9c8", "size": 720, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8978fc01f9c0d629b201bca3560ece8546e2a9da", "file_type": "created_file", "id": "file_277", "md5_hash": "4a11ded0abd05200164f479de2f050b0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.json.gdcb", "sha1_hash": "8978fc01f9c0d629b201bca3560ece8546e2a9da", "sha256_hash": "aa8ba1f603ffe755fc757dd6e1b16eb10a1ccfdaffb159dfc3c51ff8f4814315", "size": 6464, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f5fb3a92b9593a2129221d2e869d0b0292de1ddd", "file_type": "created_file", "id": "file_279", "md5_hash": "0b72679469ad78247f075472f7d44d45", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\formhistory.sqlite.gdcb", "sha1_hash": "f5fb3a92b9593a2129221d2e869d0b0292de1ddd", "sha256_hash": "ac4a10e90c1be5404f34a37edbdf08924a72967e116c947504a0f0c510034eb5", "size": 197136, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e4fce1eb219d8d304812b53bd1427490097907ea", "file_type": "created_file", "id": "file_285", "md5_hash": "fe0449f06ab00664525baf7d99f7098f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info.gdcb", "sha1_hash": "e4fce1eb219d8d304812b53bd1427490097907ea", "sha256_hash": "ae444fe438ee798026241438896f04a859b3e3a129842725a03e29675c407108", "size": 656, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/69e7fd956893ce2990e1ddea955023280f711a97", "file_type": "created_file", "id": "file_289", "md5_hash": "3348a379c9cc128bf216fa79ff4859f7", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\license.txt.gdcb", "sha1_hash": "69e7fd956893ce2990e1ddea955023280f711a97", "sha256_hash": "deb183b3ea1f5d8c4b6e3eadee0478c70fba58d3c4df8d66d1db25a6e76a1d39", "size": 1008, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/98d538e377c2f5c20ad739a72bc5f18c7b261d68", "file_type": "created_file", "id": "file_291", "md5_hash": "ff04887dc37b6731a048ece8ff32fb8f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json.gdcb", "sha1_hash": "98d538e377c2f5c20ad739a72bc5f18c7b261d68", "sha256_hash": "6f92acd43145cc497ca677d6cd183e5d99b06abf534dbad3ba12c797c96b4d68", "size": 880, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6c753754225579ccf0964dad36af8dd673a729bc", "file_type": "created_file", "id": "file_293", "md5_hash": "19198bf743d858949597941a7667772d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\key3.db.gdcb", "sha1_hash": "6c753754225579ccf0964dad36af8dd673a729bc", "sha256_hash": "1d72a7021ec432f1fb582d0c23b0a650c95dbc89b37623af7d333a2f39c26e11", "size": 16912, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e9a2e3141c16a4e114f078e88add801d9161f76d", "file_type": "created_file", "id": "file_295", "md5_hash": "6cef10510eb4d85cc1a32afa2c95b78c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\kinto.sqlite.gdcb", "sha1_hash": "e9a2e3141c16a4e114f078e88add801d9161f76d", "sha256_hash": "6da159242cbbe8e6802e87c144afaee3b935142d8e9d3ad3ec15b16ff8c3a92f", "size": 1049104, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/61cedf727326bc6baf97f26a7ff7fc0dbd1b5186", "file_type": "created_file", "id": "file_298", "md5_hash": "5dd5df4019efab4438f5c144f24728b9", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\permissions.sqlite.gdcb", "sha1_hash": "61cedf727326bc6baf97f26a7ff7fc0dbd1b5186", "sha256_hash": "4c3b4f13857f461d004c53d1f42019c9571e5321e86954d066885a88f7494cca", "size": 98832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1ba8034558d85940390c10caa7b2ab09dcada2f5", "file_type": "created_file", "id": "file_300", "md5_hash": "3ab16d235b46fffed29dda7fe31787a0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\places.sqlite.gdcb", "sha1_hash": "1ba8034558d85940390c10caa7b2ab09dcada2f5", "sha256_hash": "8b95953b69d7ff6000349477f52fd40a2cb515d08e8620adac189ebc7b58cb3e", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ecae0a478653ef771a197e00452ac03a2c9ebf12", "file_type": "created_file", "id": "file_302", "md5_hash": "162a464f975f993c02ff5de49fe6a2b4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\pluginreg.dat.gdcb", "sha1_hash": "ecae0a478653ef771a197e00452ac03a2c9ebf12", "sha256_hash": "f2881afc2955788c621332c75bb71ad9fc506ef5787b23a15043e1e7842d97e0", "size": 1104, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/81a0774f64a853bda4f96cb42d9d1d5192faa475", "file_type": "created_file", "id": "file_304", "md5_hash": "839d9a66603b13b7100d7fd075ecde59", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\prefs.js.gdcb", "sha1_hash": "81a0774f64a853bda4f96cb42d9d1d5192faa475", "sha256_hash": "b29027e15fe4483662d5ac2afcfd6dc1d15b16290b74efed77144ef0e7b699b2", "size": 12000, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79856813a976809b7a141665745bc723fbf3af07", "file_type": "created_file", "id": "file_306", "md5_hash": "45b97e176b42c7ae086b7b03029accd1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\revocations.txt.gdcb", "sha1_hash": "79856813a976809b7a141665745bc723fbf3af07", "sha256_hash": "19167bd47a5e3b0b3e7164a05ff42024a1eedaa6db483303c62b918941a85bf8", "size": 21952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0ef3e6633d416d4d6b2ed46c12c7e59313936fc5", "file_type": "created_file", "id": "file_309", "md5_hash": "2001bfd869409aea96b4cf4e1f65ee67", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\secmod.db.gdcb", "sha1_hash": "0ef3e6633d416d4d6b2ed46c12c7e59313936fc5", "sha256_hash": "b44ab5c2c2912d3a68c285fb0b4ba224ba2e9ce6d471872d0f6a17c10a584220", "size": 16912, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f1fc2a755f082783eab12953878c7af32bc8bead", "file_type": "created_file", "id": "file_311", "md5_hash": "3c427b245983dca52645773e536fc82b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessioncheckpoints.json.gdcb", "sha1_hash": "f1fc2a755f082783eab12953878c7af32bc8bead", "sha256_hash": "78b76d62144692eeba9190289494dbc3f421089d423f36b91cd32dc1caf2ea4d", "size": 816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cb31ffbb450e8129fbe6ebda11e5e793a66ed43c", "file_type": "created_file", "id": "file_314", "md5_hash": "a65d3e11898c7c575d3dccdd364a7486", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore-backups\\previous.js.gdcb", "sha1_hash": "cb31ffbb450e8129fbe6ebda11e5e793a66ed43c", "sha256_hash": "3ded70e20fab2e198fe845d80a133036f3bb13bccc85c8ba555520dcd31cc4f6", "size": 171872, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b880d6ec174e9bc8699aa22cf067311e89a2f0f8", "file_type": "created_file", "id": "file_316", "md5_hash": "5e613b2b8b410f7e91a31cde38585305", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore.js.gdcb", "sha1_hash": "b880d6ec174e9bc8699aa22cf067311e89a2f0f8", "sha256_hash": "53d04e36c7fc49fe215fe947f98bfaf398b2f101046b53f2fe43575f3ff5a4df", "size": 1520, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3c120c5f836e81287a81d560e4ccb64e95d6b00b", "file_type": "created_file", "id": "file_318", "md5_hash": "041f6ac7e85658c83cb4d1d92a8b22aa", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sitesecurityservicestate.txt.gdcb", "sha1_hash": "3c120c5f836e81287a81d560e4ccb64e95d6b00b", "sha256_hash": "9fca5af3190c6763539910f1a10020c260a45795c3da6f92225bddf177efaa98", "size": 2464, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/22efbf16fe06abb5007b6b7d9d792af433373336", "file_type": "created_file", "id": "file_325", "md5_hash": "68f90dc52361ba8b54c5692208616a49", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite.gdcb", "sha1_hash": "22efbf16fe06abb5007b6b7d9d792af433373336", "sha256_hash": "a2549c70334b67550eea1a49316375293f1d4f536071bd072783c2b24715545a", "size": 49680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2a983860a398b83a0bceda217b22d27d4c4fa600", "file_type": "created_file", "id": "file_331", "md5_hash": "9fd26e3c40ca850bf1d4437feeb3bd3d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite.gdcb", "sha1_hash": "2a983860a398b83a0bceda217b22d27d4c4fa600", "sha256_hash": "c54caf1b4643adc5658dadcc45d57de9a9c43e05e3ba5843c91142aa541ecf77", "size": 49680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cf6322306317c5a27e5c0f7a0da3f3f9232b34a3", "file_type": "created_file", "id": "file_336", "md5_hash": "6f2a52c09fa7f6d3c69675aac90d37a0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage.sqlite.gdcb", "sha1_hash": "cf6322306317c5a27e5c0f7a0da3f3f9232b34a3", "sha256_hash": "1d510585ce43f029a70421c6bded60edf95f921b514cd618216e76c74a79134a", "size": 1296, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f906dd014a476dd5caf67028cc455ba030bbbbf8", "file_type": "created_file", "id": "file_338", "md5_hash": "c13e394d8c873033447ffaf34c811ba2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\times.json.gdcb", "sha1_hash": "f906dd014a476dd5caf67028cc455ba030bbbbf8", "sha256_hash": "07766239384fcb6dd9f632361e234f384b04613057e88eb8cb417277f459eb12", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/94bebb8ad09222b7af1e7a089a05355f4293c99c", "file_type": "created_file", "id": "file_340", "md5_hash": "bffd156531792f40cefa19e057dad558", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\webappsstore.sqlite.gdcb", "sha1_hash": "94bebb8ad09222b7af1e7a089a05355f4293c99c", "sha256_hash": "52019841567ab9acf3eb39cbbf861c57418c104b145d251a24fcc3512061f0d8", "size": 98832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6c1100157864135373cad6ade9a053376cf4a25", "file_type": "created_file", "id": "file_342", "md5_hash": "52edb27b678a1423cc5a7c395ef9608b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\xulstore.json.gdcb", "sha1_hash": "e6c1100157864135373cad6ade9a053376cf4a25", "sha256_hash": "6fdd876dfa1b9c30e419ad3dac18e8faadcb0da33de2a40127889af556643697", "size": 1360, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d7f6f8a7815a14efdebb2754040e8fb73a347ca3", "file_type": "created_file", "id": "file_344", "md5_hash": "f9b2be39da460d7ba7d475b20ccfc59d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles.ini.gdcb", "sha1_hash": "d7f6f8a7815a14efdebb2754040e8fb73a347ca3", "sha256_hash": "f21a073bcdaf73514ec6a0d7fb9853713a03cd18e575bfa4da5d14b8d2be2d6f", "size": 656, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fd79e1963a73ef30addd8b225fb4e4d06ffe92cf", "file_type": "created_file", "id": "file_346", "md5_hash": "d57dbcbf6a88104beb63b936dc523e3b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\pp7pzivznjg.gif.gdcb", "sha1_hash": "fd79e1963a73ef30addd8b225fb4e4d06ffe92cf", "sha256_hash": "7c5a6e99c73e948a038c9dbf2a891c7187ce76c70345848e84bbff30905777b2", "size": 72896, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/58b7c5d30ed9df0fe283aba2f368b826337e28f3", "file_type": "created_file", "id": "file_348", "md5_hash": "e0c6b057994cea53aca5f8f94498c0d8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\py_6.pdf.gdcb", "sha1_hash": "58b7c5d30ed9df0fe283aba2f368b826337e28f3", "sha256_hash": "76baf9d9a12200bc983502dcf8c274adb689a8bfe65c21c3d8a4827d6bcc0dac", "size": 12224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2c5edc2e66f4f46a812b49b6ae9763714737b001", "file_type": "created_file", "id": "file_350", "md5_hash": "698b179fa80e5f6a2e6e5b2c882fa516", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\qvlruvqbw5.mp3.gdcb", "sha1_hash": "2c5edc2e66f4f46a812b49b6ae9763714737b001", "sha256_hash": "00d687b4f63a0ca65f90a85e6cb6d8c619984eb5e5d325897db9445a3828bf95", "size": 33456, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c17f1563210af31c488a83d1c55526b7db443428", "file_type": "created_file", "id": "file_352", "md5_hash": "dba97cfd81384dade62415ad23075d8e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\rdjeorfwlmiukr-wj-g.mp3.gdcb", "sha1_hash": "c17f1563210af31c488a83d1c55526b7db443428", "sha256_hash": "9b03c0a4a0fa330d1c9ded547ac823b245a0597844845652f7dae41d7d48e455", "size": 28592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dfb94d643f80ba5350ad74277ae2bd3364b93173", "file_type": "created_file", "id": "file_354", "md5_hash": "10585553cebfdd919b6ac2566eac0528", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\s-oozle.avi.gdcb", "sha1_hash": "dfb94d643f80ba5350ad74277ae2bd3364b93173", "sha256_hash": "954c159ff12cefe8f56dad1a01c647afc990e76d77e2b42047672e0cc83e6c07", "size": 19776, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b5544585893e5f687bd35b6b75489f5f8ff54464", "file_type": "created_file", "id": "file_356", "md5_hash": "741bee2e736b4f9430c4880106dc06a2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\sao0lzdqm lb1jo.bmp.gdcb", "sha1_hash": "b5544585893e5f687bd35b6b75489f5f8ff54464", "sha256_hash": "8e8a8dd1726a2bf6824bdcf0905d20e74a317bfd1d898b2d3a7b15df812e2413", "size": 78064, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6018634d3a55422a1b662358f196b0da7f28ace4", "file_type": "created_file", "id": "file_358", "md5_hash": "e00bfaaa0bda8ae0bcc8759e6438bd98", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\skype\\roottools\\roottools.conf.gdcb", "sha1_hash": "6018634d3a55422a1b662358f196b0da7f28ace4", "sha256_hash": "c1d825c97c241f7a29f8278f3beb441b99a76ede63b760e136c7f3e333baec9c", "size": 608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f119dedf61c417e1809dbc6de57d93d5e264ed9f", "file_type": "created_file", "id": "file_360", "md5_hash": "9adbbbed445282b7c1374621cc0c30b5", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\srk1.flv.gdcb", "sha1_hash": "f119dedf61c417e1809dbc6de57d93d5e264ed9f", "sha256_hash": "66fc505324a7d415fa2550ee6ccc2adc00b6a64de4e9669043638978893ff75e", "size": 68960, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/df8706892164e938506756ed8a1fe5aa0ab469dc", "file_type": "created_file", "id": "file_362", "md5_hash": "a39a82e1744b9603dc631703b82f092e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ufabmkau-rjobgodjy23.swf.gdcb", "sha1_hash": "df8706892164e938506756ed8a1fe5aa0ab469dc", "sha256_hash": "478cb831a5c381593a3ef08eff9f576b0fa74712e6144472728089f5267d77cf", "size": 24176, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dbf064c04dfff84e7e622733378542c81151869a", "file_type": "created_file", "id": "file_364", "md5_hash": "47b32f582829fc149c1ad975f7671b66", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\xdfxtyw.m4a.gdcb", "sha1_hash": "dbf064c04dfff84e7e622733378542c81151869a", "sha256_hash": "36dde405c3e3f3dafcf4e55a9414f9401ac1ac175daaa26d773f74b3c4f8e473", "size": 94784, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/85fa1bb9d2696df770fb46a4b9a2685319df9ac7", "file_type": "created_file", "id": "file_366", "md5_hash": "0eeb629f0eb9412ff0738d93418d1c9e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\xx9l.avi.gdcb", "sha1_hash": "85fa1bb9d2696df770fb46a4b9a2685319df9ac7", "sha256_hash": "602d3244d848e5752a29fe638b65cccfcd85a49e30b2aafc7901ec1968b3d80a", "size": 76032, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2412d3f539c38b8285928b16525d9c40b54481f8", "file_type": "created_file", "id": "file_368", "md5_hash": "4fe96b1e09829e3f42ecd021c3e85d10", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\x_3ykeu9f6ozxw.swf.gdcb", "sha1_hash": "2412d3f539c38b8285928b16525d9c40b54481f8", "sha256_hash": "37e5d8f5f86f9ebdbe1ddf77bab3791fa4bbdd350bc83f11e37f62ec4340a6c5", "size": 4592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cad5ffd351dcdf6d5ba4ff8d6142819251da7d2c", "file_type": "created_file", "id": "file_370", "md5_hash": "6452ffb3827cb5556b4c6355c9c28b6e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\yzrhhbr e0en.wav.gdcb", "sha1_hash": "cad5ffd351dcdf6d5ba4ff8d6142819251da7d2c", "sha256_hash": "4d09c75cdfbccfa2ef93806551cd707400cd44990fa0addf71434d57052f5e81", "size": 23264, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/77ad0642cbf80dc0453d54cf1dab63ef8105d0bb", "file_type": "created_file", "id": "file_372", "md5_hash": "f777816652dd4210dafcbddd17ce9415", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\z5f8f.pdf.gdcb", "sha1_hash": "77ad0642cbf80dc0453d54cf1dab63ef8105d0bb", "sha256_hash": "188425c773868fdd14e52b6f2b2477525e4cd3bb434fc38e238552c68663ef44", "size": 48160, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/856ba41045c8395875d330d9571a48b325ce4166", "file_type": "created_file", "id": "file_374", "md5_hash": "2b1714598076b3960ed27c2d3b9f6d2e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\aclviho asldjfl.contact.gdcb", "sha1_hash": "856ba41045c8395875d330d9571a48b325ce4166", "sha256_hash": "c4d0cd2a3f823e017690af78baeb16cc121bc588dba8f1b2ea939e2fcf3d4053", "size": 1712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/203aaf9efa41dad37802d11fe8daa25dfe2880f1", "file_type": "created_file", "id": "file_376", "md5_hash": "4f8ab5551de4b63418f33c793b55d29e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\asdlfk poopvy.contact.gdcb", "sha1_hash": "203aaf9efa41dad37802d11fe8daa25dfe2880f1", "sha256_hash": "1dfde3fe4e5134211e9c5311311045118d22959bc71cb0ba664efe9bbe34fc48", "size": 1712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6409c597cb6ad5f431902d89d556d5a6e3611400", "file_type": "created_file", "id": "file_378", "md5_hash": "ef62f6e9e42054153de73c873b2e377e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\chucu jadnvk.contact.gdcb", "sha1_hash": "6409c597cb6ad5f431902d89d556d5a6e3611400", "sha256_hash": "b269b2d672db2bd36d0bf40c6440e7e23de1072c94597445f82c8b2a10ab5ebb", "size": 1712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0617e004cd7d582ceed897f2e66acc2413bd435d", "file_type": "created_file", "id": "file_380", "md5_hash": "ae6f0f8df15f844656f13f8e1eba2209", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\lulcit amkdfe.contact.gdcb", "sha1_hash": "0617e004cd7d582ceed897f2e66acc2413bd435d", "sha256_hash": "2c6328770748881c9ea17cbd97c22ed5a149d0918032da82789a9869181050fb", "size": 1712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7d5ae2df99f784c930b4fbc84c65064b56074f41", "file_type": "created_file", "id": "file_382", "md5_hash": "72f57c6c885b18c9ad1e97f7530db5d5", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\sikvnb huvuib.contact.gdcb", "sha1_hash": "7d5ae2df99f784c930b4fbc84c65064b56074f41", "sha256_hash": "9914b535d048c4596854f57efe89cef04f32fc68741147d226f81734ac32fbe7", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7541d650523036993cabf3fdf89e41eefdd6c74b", "file_type": "created_file", "id": "file_384", "md5_hash": "b95857b0b180b1b3b086a7861ddeaa7d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\-__krkwudncw7vix_s.wav.gdcb", "sha1_hash": "7541d650523036993cabf3fdf89e41eefdd6c74b", "sha256_hash": "cf570f6643c64a1721afd8b0de34c84316939d4083e074f20abd90a3a821bdcb", "size": 52416, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1a01784e9062b03e20f94295fb5c715d81997775", "file_type": "created_file", "id": "file_386", "md5_hash": "38ee62682ffe9ac583b2dff019f52d5e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\8g6mia 6.pptx.gdcb", "sha1_hash": "1a01784e9062b03e20f94295fb5c715d81997775", "sha256_hash": "3ccd1425c07d594aafa0e6409ddcf353a49796500ce6ba5d976567e7d0235e04", "size": 36816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/68fa51b8a08f5f3a10f708819f826e043e98a8ff", "file_type": "created_file", "id": "file_388", "md5_hash": "c6136a90fcead756bd15ce909ebf17a3", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\lfbogup.mp3.gdcb", "sha1_hash": "68fa51b8a08f5f3a10f708819f826e043e98a8ff", "sha256_hash": "2f24d74efbe540ac507c5e3ff4ff1edc3043f78bc525acd1b5e5a2bf7b5592b8", "size": 75952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4886bd5d287310cc988664b2b1c71ea4450bada2", "file_type": "created_file", "id": "file_390", "md5_hash": "5311bfb29d17a6f43408b9ba889c684d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\ntuser.ini.gdcb", "sha1_hash": "4886bd5d287310cc988664b2b1c71ea4450bada2", "sha256_hash": "c5caf30250e61f4947d76f63620c2356341ff52983d9982e885ba4fc8a13e7bf", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fb052b9a5ef4e1615a710bb53f752d37a9419764", "file_type": "created_file", "id": "file_400", "md5_hash": "0fc7061e0eb376d2b0acbad381f47fdf", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr.dat.gdcb", "sha1_hash": "fb052b9a5ef4e1615a710bb53f752d37a9419764", "sha256_hash": "406a7bf9b71455f12d35992195d5c07118d73d8859806a5a3e104ded75758464", "size": 54112, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0a0ddf8b74c5d38f9587157dca9fb33e6750f030", "file_type": "created_file", "id": "file_402", "md5_hash": "132bbc930f049894ccea5871ffe84ab8", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr65536.dat.gdcb", "sha1_hash": "0a0ddf8b74c5d38f9587157dca9fb33e6750f030", "sha256_hash": "8364e5a9e4410c14a887d43e44d51c1aea63ec5ad44c2c97a718e9ba8580e840", "size": 184608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3375b3ff827228a9f97ee756c354cdfc384886bb", "file_type": "created_file", "id": "file_405", "md5_hash": "bf882920036a75cb92c792306f46e5ec", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\usercache.bin.gdcb", "sha1_hash": "3375b3ff827228a9f97ee756c354cdfc384886bb", "sha256_hash": "8ab70fe4905f49f8d0d84d2baf791e58cdaa3f63ececf6f63fb5526aeedc32ed", "size": 63952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/145d9ca3e2032073ddc3f0a297b10d479025da11", "file_type": "created_file", "id": "file_416", "md5_hash": "3bf4de62d5ecc6299d86cb914df154e4", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\armui.ini.gdcb", "sha1_hash": "145d9ca3e2032073ddc3f0a297b10d479025da11", "sha256_hash": "eb77ff5b42593075218ff67884a0ada3260a482cf7bb4d8ca1b6393ab5971516", "size": 257952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/41ad042c6e4d239dc3ab5d1e1afedc4d8003e718", "file_type": "created_file", "id": "file_420", "md5_hash": "5e0ad431fc81650f8e806c3a7850912d", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\peyv.bmp.gdcb", "sha1_hash": "41ad042c6e4d239dc3ab5d1e1afedc4d8003e718", "sha256_hash": "ee7a9547438b54a799ab81473bcc68618a885979f73f1b7b90168dfd0ca288a9", "size": 62176, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1039877f8c3232b1c992096d5126b634f2c2616c", "file_type": "created_file", "id": "file_430", "md5_hash": "b4984e476fc4c3f7a877a610e51e45ad", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\comms\\temp\\calendarcache.dat.gdcb", "sha1_hash": "1039877f8c3232b1c992096d5126b634f2c2616c", "sha256_hash": "15f2c4dd846a56bacdd0cdcae19df41307ccfd697e24a68c04b21f5e1c5e902b", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7ee6a0f0270db05edbf912974c4cfa666d8a9557", "file_type": "created_file", "id": "file_445", "md5_hash": "5d38e9224946a9e3c203e6c37f5331f7", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\adobearm.log.gdcb", "sha1_hash": "7ee6a0f0270db05edbf912974c4cfa666d8a9557", "sha256_hash": "6b9dc2d85598d87b21466a4837eac9b31ab7a9478d541dfa307a8a6be8d864a4", "size": 1232, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bed8ed9bb9da598d3764ac44908d0538dca75db6", "file_type": "created_file", "id": "file_446", "md5_hash": "b4376a13dc0ef32795c0cd127aa9ba58", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\fy0zs5d.rtf.gdcb", "sha1_hash": "bed8ed9bb9da598d3764ac44908d0538dca75db6", "sha256_hash": "7a76fa1378067d4ad893ea72f9fa8fcec388006bd76a89dd139bfbab9ea982b5", "size": 34640, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2be215eba0ccc3b11c75e4b79b223c5d1f1222e1", "file_type": "created_file", "id": "file_447", "md5_hash": "44d69685bfe799614b7ce1309bec6c58", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\l0cggz.mkv.gdcb", "sha1_hash": "2be215eba0ccc3b11c75e4b79b223c5d1f1222e1", "sha256_hash": "4d2d6b0642655be638e53d79303045ca1e067dfc496a38484006452ea244cd3e", "size": 5440, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/04d3b9898eb212585493f55f5158f7a165a24f84", "file_type": "created_file", "id": "file_448", "md5_hash": "80d66f640e05a25a0b42763de8a43b32", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\psxl 1.gif.gdcb", "sha1_hash": "04d3b9898eb212585493f55f5158f7a165a24f84", "sha256_hash": "8d31229fcec80febf56ba63c94b5fa6ee05465866bdc348171962b14c2ad1eeb", "size": 12960, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d07bcacc187c6db6ecfd29eb2c40a29b07cfe11d", "file_type": "created_file", "id": "file_449", "md5_hash": "32ae09b304230ed8e10ad94d3399eea0", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\u 7qtcnd.flv.gdcb", "sha1_hash": "d07bcacc187c6db6ecfd29eb2c40a29b07cfe11d", "sha256_hash": "da2c885143c02b2ab082607addc717d412f4c0a71ad95f0bda8f104a0db46e51", "size": 66016, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b7eed85264fdf1feb5f88b0c74dc4637335dab06", "file_type": "created_file", "id": "file_450", "md5_hash": "06c0738b8172a64561722a3286234cc8", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\uwup52bz.gif.gdcb", "sha1_hash": "b7eed85264fdf1feb5f88b0c74dc4637335dab06", "sha256_hash": "6a77d018608e327a4de7feb6be95f86d425fee95886e7cf4ab2ac43d767b2de8", "size": 31344, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/594698ee95d2d737336ea2ec571049f75d163c55", "file_type": "created_file", "id": "file_451", "md5_hash": "ab7753a2c7578bdda32ebe81902fdb7a", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\temp\\xfno_bfgg.m4a.gdcb", "sha1_hash": "594698ee95d2d737336ea2ec571049f75d163c55", "sha256_hash": "bc5d1e1b976cd2a1217804ba076ae83cd02a54139ec8515513017b12263ac1dc", "size": 87184, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dff08188de9ece1376a7a974be5c1a24c7476b25", "file_type": "created_file", "id": "file_453", "md5_hash": "2e07a28f72b02f5cc0bc1645a2b2e888", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\clr_v2.0\\usagelogs\\winproj.exe.log.gdcb", "sha1_hash": "dff08188de9ece1376a7a974be5c1a24c7476b25", "sha256_hash": "dae0a8c3ad7f3d29ae49045651ddb302cc4148e6a94acaa742758f71f192188e", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8260ff0bbe441a553c9321c33f48cde5b249776c", "file_type": "created_file", "id": "file_455", "md5_hash": "be73837552d722a0b966186512851a2d", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_1280.db.gdcb", "sha1_hash": "8260ff0bbe441a553c9321c33f48cde5b249776c", "sha256_hash": "96890b8cd391992c8c2fab7677e1f1d249c61e03657419f16ab427d33587ada3", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1ef5feec863c57d84a42c49da3374985bd1c87e1", "file_type": "created_file", "id": "file_457", "md5_hash": "02b73d4b4ef21ab859651f7abcaf34a4", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_1920.db.gdcb", "sha1_hash": "1ef5feec863c57d84a42c49da3374985bd1c87e1", "sha256_hash": "7685c55a93a23bd552e035f7033b71561bef49fa54ac73738ab23ae660abca49", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/75a527cde5716693d77558649190c5ef15e2d049", "file_type": "created_file", "id": "file_459", "md5_hash": "84524a35d21c292988e364bdc903218b", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_2560.db.gdcb", "sha1_hash": "75a527cde5716693d77558649190c5ef15e2d049", "sha256_hash": "8a3b949396aa32857c0134f79649118751a45735f9edf794e2c341b1ecc85529", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/59a0da56530f5e36cce0846e49e46b05177b9d54", "file_type": "created_file", "id": "file_461", "md5_hash": "8564beeedec4a7a56e0dc72d2919ce1f", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_768.db.gdcb", "sha1_hash": "59a0da56530f5e36cce0846e49e46b05177b9d54", "sha256_hash": "a18ffb4edc3e53e4f714e449c27dfe68f0bcbe989a21f2cb45b676c7229189d7", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/013c3400ebe04018a8ba05bf96f85a8513926ece", "file_type": "created_file", "id": "file_463", "md5_hash": "59ab91efdfaff60ceca489faee8c397e", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_96.db.gdcb", "sha1_hash": "013c3400ebe04018a8ba05bf96f85a8513926ece", "sha256_hash": "83d982668329811a4eb6d620b3baa1b5b8cd05e33b9a14da43f197d9c16eb490", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/03c52f304dd7b54c7d5a69e2a574811fb5d51193", "file_type": "created_file", "id": "file_466", "md5_hash": "0a68d4faf0383e77e3f22d60e2d98fd7", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_exif.db.gdcb", "sha1_hash": "03c52f304dd7b54c7d5a69e2a574811fb5d51193", "sha256_hash": "f683e7c200fc56d71e4f996c6a6564fe583eaa70fbed4f54981eb7b649e1d4a3", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aa909dd16c8dbec90e5cce2960727e66b3a936ce", "file_type": "created_file", "id": "file_468", "md5_hash": "fada87e3fea81eede92bfea8606fd61f", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_sr.db.gdcb", "sha1_hash": "aa909dd16c8dbec90e5cce2960727e66b3a936ce", "sha256_hash": "efe09c26fd50dd628d3d2a468779d802096219db65b9c692ec6717e645308127", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5eb9cb1ac9c97a5de583add0e660682ff33c43d4", "file_type": "created_file", "id": "file_470", "md5_hash": "53a9bfbb45b90e2a41103c35c8658d1d", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_wide.db.gdcb", "sha1_hash": "5eb9cb1ac9c97a5de583add0e660682ff33c43d4", "sha256_hash": "5ee2f440471473e0075dddc7b952e931ecfcd72a404134991a7cd8398180a6b9", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fd944a47725230f0b569abb774f7dbb3371727c4", "file_type": "created_file", "id": "file_472", "md5_hash": "ec0dac0e26f04c20545c25465723c368", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\52uk17nv\\www.google[1].xml.gdcb", "sha1_hash": "fd944a47725230f0b569abb774f7dbb3371727c4", "sha256_hash": "e399b1ec24ed664e4d67e308a614da031f95ea57df5368ef0daf7cd87f17c9d1", "size": 544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/774b27c8b0864d4a6a804549b687cb9455fffa08", "file_type": "created_file", "id": "file_475", "md5_hash": "51947ffd5514e151ddcaa4f68e27a8b1", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_256.db.gdcb", "sha1_hash": "774b27c8b0864d4a6a804549b687cb9455fffa08", "sha256_hash": "e2ae56bfad2ec2fe500c76aeb1f57f11ec16195cd804581b206aca43c2be7e0c", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/98399736baba2f252b5b2dfe0c9b6a177b60eb70", "file_type": "created_file", "id": "file_476", "md5_hash": "5550f3a3faf77ba31ff8cb8aa2452af4", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_custom_stream.db.gdcb", "sha1_hash": "98399736baba2f252b5b2dfe0c9b6a177b60eb70", "sha256_hash": "25474e6719393a8b65e67085ec53d770d77ecc68cf91fa2581242eb8d92531e0", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ea9ed7dc6463a6a9f49a7b1fde156b5c29d9aa9b", "file_type": "created_file", "id": "file_478", "md5_hash": "04737579390b94fe984d9c857157954d", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db.gdcb", "sha1_hash": "ea9ed7dc6463a6a9f49a7b1fde156b5c29d9aa9b", "sha256_hash": "0a1f0b89b51aa6466891a75d4b708651f9dc18699c2b57806f6d9a010ca1dcd0", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1746e7db5ec2152d99dff29363e005852ac18116", "file_type": "created_file", "id": "file_480", "md5_hash": "27c6858a69cc97bef33ff974c25725f3", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_1280.db.gdcb", "sha1_hash": "1746e7db5ec2152d99dff29363e005852ac18116", "sha256_hash": "60b8b1f171c03bc176c139164d833acc178c85b7b88cb604373f489211e416da", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1375a7fba96d68184a55c27557c2160cdf45bfec", "file_type": "created_file", "id": "file_482", "md5_hash": "1b24296c9646ae4016bd39cfc929be01", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_16.db.gdcb", "sha1_hash": "1375a7fba96d68184a55c27557c2160cdf45bfec", "sha256_hash": "2fa73997efa0fe647cd36d5a9e9155ee8b61836bc720f1d127b6ab0adca807ab", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/127fc146d12a0a941733074ff17cc11acd85d57f", "file_type": "created_file", "id": "file_484", "md5_hash": "31af4e840b0a8282c753cf861eace6f2", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_1920.db.gdcb", "sha1_hash": "127fc146d12a0a941733074ff17cc11acd85d57f", "sha256_hash": "da417ac9b52d08c29a13d8653b468ca090bc445287519a9d75ad3bb4c7cd704a", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aa81e45004a30685536ce97b81ed8eae129a6824", "file_type": "created_file", "id": "file_486", "md5_hash": "43a53c7ec10033300ac4dd6225d461dd", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_2560.db.gdcb", "sha1_hash": "aa81e45004a30685536ce97b81ed8eae129a6824", "sha256_hash": "9478cb573628c7389b4dfa7ec33661fda7e142437beeafd22ccf0128fa06134a", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a8743e3dfd5c3262509d3ae3856464d6f692f3fe", "file_type": "created_file", "id": "file_488", "md5_hash": "600b1818a6d34480d33eea000c277a31", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_768.db.gdcb", "sha1_hash": "a8743e3dfd5c3262509d3ae3856464d6f692f3fe", "sha256_hash": "a735b431c6ec13c900b4d4228380c0e3170d6674f535ce2618af5ec5af29ba39", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9314f15f45b9836e66e95c428ad2c17b844df24d", "file_type": "created_file", "id": "file_490", "md5_hash": "407bc8cee99932182ab3c65f649e911b", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_96.db.gdcb", "sha1_hash": "9314f15f45b9836e66e95c428ad2c17b844df24d", "sha256_hash": "3e11a32d4553052a05f275d0177301c9ef3dcd50f81061baeb72ab69a508d454", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6324e7e2fab26c44948155c957bcc8f14832e627", "file_type": "created_file", "id": "file_492", "md5_hash": "3bf9c336a0b4e1c08b6ef5d1c034e92e", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db.gdcb", "sha1_hash": "6324e7e2fab26c44948155c957bcc8f14832e627", "sha256_hash": "eaa66b36e828fcb060da292973b131d1587838ac907bd8379c77930b569753d0", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ff41569ac29d2c673a37689a9a39ef628bfc4351", "file_type": "created_file", "id": "file_494", "md5_hash": "4112f9db59c9acfc9e186b3e82efb6c6", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_exif.db.gdcb", "sha1_hash": "ff41569ac29d2c673a37689a9a39ef628bfc4351", "sha256_hash": "8c4469c907a7e1d75d3ff2e98773e1d1bf5a9331b540134c8c5066bcbcdda0b0", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4cde6c7deeaecd552a9c2ccb3c1b04eb28b64b3c", "file_type": "created_file", "id": "file_496", "md5_hash": "523e7d518b79763900f2f879fb01e5db", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_sr.db.gdcb", "sha1_hash": "4cde6c7deeaecd552a9c2ccb3c1b04eb28b64b3c", "sha256_hash": "6e2146344d81eac7e438e3a79c3e8d892e81816b64cc2ba095e09a67bfdeb571", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7d3c8ac2a9f453dde15c9c34518c21968e16e71c", "file_type": "created_file", "id": "file_498", "md5_hash": "949084f7925607a890f972e517df979a", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_wide.db.gdcb", "sha1_hash": "7d3c8ac2a9f453dde15c9c34518c21968e16e71c", "sha256_hash": "5cd60768718bc04e544a1417dfd2f493748e177fc07050be0d83a1e645e4c856", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4fc116ae89c7ce8776384ce3b787f0738f5f336a", "file_type": "created_file", "id": "file_500", "md5_hash": "60c61a888f0573147219df1fda475503", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db.gdcb", "sha1_hash": "4fc116ae89c7ce8776384ce3b787f0738f5f336a", "sha256_hash": "7ec88ab19d21863ad0879619651e617ca84d69095d73c69f401e5d9fdc44d29e", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11d901255b1978b0f98134993f27ef173e2ee227", "file_type": "created_file", "id": "file_501", "md5_hash": "f0ba071403c582a7ef9044a4343a8742", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\local\\application data\\application data\\application data\\application data\\application data\\application data\\application data\\microsoft\\internet explorer\\domstore\\l8oqst1l\\consent.google[1].xml.gdcb", "sha1_hash": "11d901255b1978b0f98134993f27ef173e2ee227", "sha256_hash": "c6ce6391a34e4c364caaccf95bc3a233d723caa4826842ca74e003067f7dda99", "size": 544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f570ef64409adbbe5d809ebfce0728234f56d4ac", "file_type": "created_file", "id": "file_503", "md5_hash": "0631f71880943dfcf057e87692abf03c", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\jukmmx7p\\secure-ds.serving-sys[1].xml.gdcb", "sha1_hash": "f570ef64409adbbe5d809ebfce0728234f56d4ac", "sha256_hash": "1c4a6dcd818db4b9a1d8b1f159aff7eea5746a91a98b0362aca4f6def28482bb", "size": 544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bf9eb984a0f2e916aa8a30e0489deab28c5209d8", "file_type": "created_file", "id": "file_504", "md5_hash": "340d913d43779ca4eca5063e73d6385e", "norm_filename": "c:\\documents and settings\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg.gdcb", "sha1_hash": "bf9eb984a0f2e916aa8a30e0489deab28c5209d8", "sha256_hash": "0563766b6648a1bf9149b1144b2f65408dfdea38926379fdd4dd33d853ca3162", "size": 75648, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/064cb087cbf7e299f68278b3f24420aa870ce474", "file_type": "created_file", "id": "file_507", "md5_hash": "40a59cc8ae2897597d62beae6a193186", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\9vo634vvey9vgoholzg.mkv.gdcb", "sha1_hash": "064cb087cbf7e299f68278b3f24420aa870ce474", "sha256_hash": "6bb5123e04e605d69620ea8326f9821d86cb7928b62645ae99a6739ee5da5e9b", "size": 44144, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e82f9533b25b4be2167fd6347189121b5569ac85", "file_type": "created_file", "id": "file_508", "md5_hash": "5ddb4cd194ed2f62b689a7190e03ca07", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\js0e pahtzszw9mdks.wav.gdcb", "sha1_hash": "e82f9533b25b4be2167fd6347189121b5569ac85", "sha256_hash": "7c1675d282b5241550ee712b54db12ef9b3f5d1b88978065a3fd07e4b78603aa", "size": 30496, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0f21758fe57cceb67b99cf34c5cfe86c1c79c004", "file_type": "created_file", "id": "file_509", "md5_hash": "318b73782ef8f9070fca04551c5ae07c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\orndnmfjcdfa1es0enx.flv.gdcb", "sha1_hash": "0f21758fe57cceb67b99cf34c5cfe86c1c79c004", "sha256_hash": "58183f911b03152edd88e2902d8a45ebc3379012464035238d9dbbdc5a6e2291", "size": 91488, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a5a950a38faf69e346385d08497eff5a993549e6", "file_type": "created_file", "id": "file_510", "md5_hash": "15db8c2396bef5efad7dc2c3fbc31a5f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\l_gium\\owxzt uxeior.mp3.gdcb", "sha1_hash": "a5a950a38faf69e346385d08497eff5a993549e6", "sha256_hash": "8556d5f62111b357e374e390e83463ca2537b1e5a32fb73768191c6e08b36f3f", "size": 26304, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7d6df185a8d11d7ee6bfc94b1ffac084b0dc824a", "file_type": "created_file", "id": "file_511", "md5_hash": "e4507e1f61bf2dd49c84ad77069f7ad7", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\mxha9qwx60.mp4.gdcb", "sha1_hash": "7d6df185a8d11d7ee6bfc94b1ffac084b0dc824a", "sha256_hash": "84ce5b56a4aacd7ed85f101e5089654df4845bdafa19fe0b13ae919b02db272f", "size": 68064, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bcd9a5f48184ac3079c0756874a5a2e63c8b11a0", "file_type": "created_file", "id": "file_512", "md5_hash": "0a49d0417ef684b80a55deeb583c717b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\210atvavnz- j.avi.gdcb", "sha1_hash": "bcd9a5f48184ac3079c0756874a5a2e63c8b11a0", "sha256_hash": "e18dcee9b5c662e81d02c07aa5bc0128e3f6c6de18738dab62f4c1254d5b9941", "size": 72288, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ba65f0d002ab839bd9e5a0b2418472bbb94ab1c1", "file_type": "created_file", "id": "file_513", "md5_hash": "9b1658583a58161f2e53024c6c42fb22", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\4wen.jpg.gdcb", "sha1_hash": "ba65f0d002ab839bd9e5a0b2418472bbb94ab1c1", "sha256_hash": "b6cb643d26ccb1f424609d6fa757a00f0d8d409ce34c9b436d6b8b02ac679cb3", "size": 65680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0f4f4d8477498cec0971d0afb99aa797987f2a40", "file_type": "modified_file", "id": "file_3", "md5_hash": "42b65bfc7929e993fcfa2434fa721ccc", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-1462094071-1423818996-289466292-1000\\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b", "sha1_hash": "0f4f4d8477498cec0971d0afb99aa797987f2a40", "sha256_hash": "bac3a0b62acede354bf187ea9763cd7983e6984a6a82fcb62c1a31e37db6b7d6", "size": 2205, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a436612cd0a6b71203adee2ec4c54e57100198ca", "file_type": "modified_file", "id": "file_54", "md5_hash": "b54a23c3a7b39a79fac497dc373bbd78", "norm_filename": "c:\\recovery\\windowsre\\reagent.xml", "sha1_hash": "a436612cd0a6b71203adee2ec4c54e57100198ca", "sha256_hash": "e49227c9eca563bc13f73bbd8c27231be8720a3793531e14547944851886513d", "size": 1584, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/771bd564cb340ab471a52d5bdd9cabca2cca3be1", "file_type": "modified_file", "id": "file_59", "md5_hash": "0f1459dde60a316ff823e5d139c35369", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\004-sn-0z5c.wav", "sha1_hash": "771bd564cb340ab471a52d5bdd9cabca2cca3be1", "sha256_hash": "9f8bfa505d1427cf2580717fb15df2e836367faa754bff27b2c967989d6f8985", "size": 56560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0ee384ce272d390e882f951f253fd9d2fe0c810f", "file_type": "modified_file", "id": "file_61", "md5_hash": "c985de94f816b08c703d1e8d93f38deb", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\1wmqlmoja01-ep.gif", "sha1_hash": "0ee384ce272d390e882f951f253fd9d2fe0c810f", "sha256_hash": "0f4865b1175da7e03fdb6f4987e1f68cdcef4b67e8f60fb8e30b3deea9963810", "size": 4608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac7e41be580eab8ddaedc3088ac224da241df886", "file_type": "modified_file", "id": "file_63", "md5_hash": "abff62fdf29c0c95ac6844262ab0d021", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\4sctkxf.ots", "sha1_hash": "ac7e41be580eab8ddaedc3088ac224da241df886", "sha256_hash": "729c5213b77c8ca608f8029cc8b342ac3c7de3ca614d851e43ed86f987f89545", "size": 6416, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ac4277e0ac06f1c5bdb8b71ad3d34c3f287dddf5", "file_type": "modified_file", "id": "file_65", "md5_hash": "73cf5cc0544c3516cf1336480a2916a5", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\6ttfnwvzd3wr1.wav", "sha1_hash": "ac4277e0ac06f1c5bdb8b71ad3d34c3f287dddf5", "sha256_hash": "0c3ba80c00a2f1b7df032bd62d17281a5597a3a5414325feeba810e16618bff6", "size": 98000, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/735a08f05a58a7dc91196e380cfa32270ad1384e", "file_type": "modified_file", "id": "file_67", "md5_hash": "ee9242e408267dfad7b630abd510826f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\8mu6pxfxklxwxfc.m4a", "sha1_hash": "735a08f05a58a7dc91196e380cfa32270ad1384e", "sha256_hash": "3337830f27794128aae98c9549e4423d880f86358ea4684f0fb6f284350871f8", "size": 29744, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0b7883ceaf8b1b241054c889cd4ac4fa6090d54d", "file_type": "modified_file", "id": "file_85", "md5_hash": "e9a8880e462c8674dace0cb09394f7c1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_00209595-b6ba-4fa7-88b0-97083d4c2159_0.log", "sha1_hash": "0b7883ceaf8b1b241054c889cd4ac4fa6090d54d", "sha256_hash": "bdeb8a73af6dbb1f3916252969669a1a5eb79c1536cd215770d6954ca563ed2e", "size": 1936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7345966c786336a8958b252471e50f15c02deb49", "file_type": "modified_file", "id": "file_87", "md5_hash": "49e7890b98e4442c515ccc9b49868c23", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logs\\ulog_acroarm2_reader_c8be971a-de95-4557-abcb-db98e0788e08_56653bcd-022e-4023-b1f6-9926fada0024_0.log", "sha1_hash": "7345966c786336a8958b252471e50f15c02deb49", "sha256_hash": "1214c9d673d0ddf85d399eebcfb9e253b3b9cab58d8b4633c19883d36e808a12", "size": 1744, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/af0df73951537463b1487d42a99e27d7300262cd", "file_type": "modified_file", "id": "file_89", "md5_hash": "d8cdf288e13aadb2ce14a68a669f630a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\logtransport2\\logtransport2.cfg", "sha1_hash": "af0df73951537463b1487d42a99e27d7300262cd", "sha256_hash": "31e88e523d65f182fb89bb2a06530a1e5403047db3e4fff4320a3a30832aaf5b", "size": 752, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d217de833b350ab50ba97c238cbcc18704859f29", "file_type": "modified_file", "id": "file_93", "md5_hash": "0c27e5c8b0aa653b07acefc50652d175", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\adobe\\sonar\\sonar1.0\\sonar_policy.xml", "sha1_hash": "d217de833b350ab50ba97c238cbcc18704859f29", "sha256_hash": "e0674cc38b38e8e3d90037c5708061d4af4e9ec1f5a637d1cdaf8d042fe172c6", "size": 19296, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8bc8db3d2e1665627517a438f14b10d456189d71", "file_type": "modified_file", "id": "file_95", "md5_hash": "18e9c822299394be54340564c9495fb9", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\cztjlrmt.bmp", "sha1_hash": "8bc8db3d2e1665627517a438f14b10d456189d71", "sha256_hash": "89962cf39be2b75f7426d6587173960e24133af7634ee946681f7809d5ce980b", "size": 88512, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/513a365e82651b25951bc673a31a92c69cbb149f", "file_type": "modified_file", "id": "file_97", "md5_hash": "4fd8b71eb547e80a511dea90be2d937e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\exocxblrlmurhv.gif", "sha1_hash": "513a365e82651b25951bc673a31a92c69cbb149f", "sha256_hash": "41a0166c378b2e435300c9445ad20385da33592f6aae8b4f083de3118104a9ad", "size": 77328, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8c8812203e8f54e2bcd491ce29ccdfb8ff0efbb7", "file_type": "modified_file", "id": "file_99", "md5_hash": "33fdf31ed083a84ce2717ffb862ae2e0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\fcmh0q4.bmp", "sha1_hash": "8c8812203e8f54e2bcd491ce29ccdfb8ff0efbb7", "sha256_hash": "b43655c0d7d972ee2bf316f757c05f9acd99809c4d730bc6ed99ddb92f77f871", "size": 42320, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/56e9635f12557abb4b74e6765c41a97aee797d94", "file_type": "modified_file", "id": "file_103", "md5_hash": "0ddfd813a62431944e9b86bc00b0c1e3", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\imbmboer.ppt", "sha1_hash": "56e9635f12557abb4b74e6765c41a97aee797d94", "sha256_hash": "5e2349f3cfc00d0623f1168d723ea63d9e371b6ae4496bd2c88f930b19526e08", "size": 15744, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/87b0ce6ba99aab6f95d4e42a442ec6091a1f3287", "file_type": "modified_file", "id": "file_105", "md5_hash": "f84242aad257414c6299394eaef94f9c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ixwxy.png", "sha1_hash": "87b0ce6ba99aab6f95d4e42a442ec6091a1f3287", "sha256_hash": "848fb7439563b074c3cafd736a079171778af3d77dc4ec1dd37c2e308ad62da8", "size": 36976, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a0158afe4f3177fb8c838b46da76c89a637f17b6", "file_type": "modified_file", "id": "file_107", "md5_hash": "b5415449808e3c6932f4f94d1761bb37", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\jxoh-eft2nw-t9x.wav", "sha1_hash": "a0158afe4f3177fb8c838b46da76c89a637f17b6", "sha256_hash": "2a12c5c57bddc771133012588410bd27b00e5c5aa4f38e08d77805b17b9be816", "size": 27008, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/80a1751c44bf254cdc45a879f337048120065548", "file_type": "modified_file", "id": "file_109", "md5_hash": "1a47edbd8f8d1889567df663c75e238f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ldeazaydq h9.jpg", "sha1_hash": "80a1751c44bf254cdc45a879f337048120065548", "sha256_hash": "db8c32bdd3d523dd3327bc56d93e63a74f7be65c3f926cc96b9d18e33832e6ff", "size": 68960, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/40b02c8e732ea82fd2055347bb2510eb73049ebe", "file_type": "modified_file", "id": "file_111", "md5_hash": "939b6ecc6f0aa446c5299714281818cf", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lsi0fbp1d3.flv", "sha1_hash": "40b02c8e732ea82fd2055347bb2510eb73049ebe", "sha256_hash": "32791fd4f7b088308114afd699eb68b8a2adbbae87390a71d3729fa503202ebb", "size": 57216, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1e186a019d9f1206dcc31664ccf280f05673e55c", "file_type": "modified_file", "id": "file_113", "md5_hash": "332b91fdf7f7aeba767b44d868a765b9", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\lxrxkbm2nnswbbwwbk42.mp4", "sha1_hash": "1e186a019d9f1206dcc31664ccf280f05673e55c", "sha256_hash": "0b92c0b6c77f30eab7f9ad126587ad43ae31dcd64cf5de5792cdf783991bfa62", "size": 98880, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6a56eafd259c03d9038640e65c04e06c777a6918", "file_type": "modified_file", "id": "file_134", "md5_hash": "8e8c7452e491075de50f5e9a84a2905f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\document building blocks\\1033\\16\\built-in building blocks.dotx", "sha1_hash": "6a56eafd259c03d9038640e65c04e06c777a6918", "sha256_hash": "98f04c9c24889b943e54bed16be1c26ac46df40e5618e9b8fe57af8b441dd8ab", "size": 3706592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f1116dc673d7f32d1d5e727f08c18e3be3a9e6be", "file_type": "modified_file", "id": "file_155", "md5_hash": "17dad9f4045de6bceb1598659d4c8c5a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\office\\recent\\index.dat", "sha1_hash": "f1116dc673d7f32d1d5e727f08c18e3be3a9e6be", "sha256_hash": "5e325548acad4849cc825bb073774b29004488bce2942e5f47d36b0d071d9bb2", "size": 592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d60250ead57dd4dd0d711191546713fe55a6e40d", "file_type": "modified_file", "id": "file_159", "md5_hash": "60933f9f1dd6608884f46526bfcc62f2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\onenote\\16.0\\preferences.dat", "sha1_hash": "d60250ead57dd4dd0d711191546713fe55a6e40d", "sha256_hash": "9ecc1aa70a74f8f3fb3a94b4e4529d55b4d9bb5701058c2dbf9e6f9f373afa7e", "size": 5712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9c7c9b74a28b541ab43a08797d5a7ce1b19238a5", "file_type": "modified_file", "id": "file_162", "md5_hash": "4f1121df7817b939d28f8853a82910b9", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.srs", "sha1_hash": "9c7c9b74a28b541ab43a08797d5a7ce1b19238a5", "sha256_hash": "380a1f0a103ed3ded033a0759cd64e3007792e094f58ee01e6f46cfcf1d16624", "size": 3088, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/223ff832d6bd7ef200da2fc1669a2e2770355f63", "file_type": "modified_file", "id": "file_164", "md5_hash": "96d99e275adaad30e6e1d1c79a424e8d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\outlook\\outlook.xml", "sha1_hash": "223ff832d6bd7ef200da2fc1669a2e2770355f63", "sha256_hash": "b08df0b6489862834b419808312bb6b5b06bdca4604344a9a201a629d882550c", "size": 2928, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a5f7bdbae0f3bbfc5f8005b13c6bd38fb22bc3c8", "file_type": "modified_file", "id": "file_177", "md5_hash": "9ace8d3f5804bec2bf33322bbd7634f2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\calendar insights.xltm", "sha1_hash": "a5f7bdbae0f3bbfc5f8005b13c6bd38fb22bc3c8", "sha256_hash": "9a745102c9d7ffa9789062f6a95a6c62ac685971c15c072a0afce0c355cb6cca", "size": 914816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4bbbf4874ac53fd766f33e21a89112c9a312d646", "file_type": "modified_file", "id": "file_179", "md5_hash": "f4f0fae8060d4b08ae97df8fbcbc778a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\cashflow analysis.xltm", "sha1_hash": "4bbbf4874ac53fd766f33e21a89112c9a312d646", "sha256_hash": "fce588c4aa8dad0103095bec57de759262ad9375eec73cdb1d4f59fcc392663c", "size": 380544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/25ed003799a398df182d45e21bbce9581e5ffbd1", "file_type": "modified_file", "id": "file_181", "md5_hash": "8d95a48beceba8f02826bc19d41d757b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\email insights.xltm", "sha1_hash": "25ed003799a398df182d45e21bbce9581e5ffbd1", "sha256_hash": "dbe9e6b516890cc3fff90caabf3406974ba8ca0bdef492a7138b354860e4fae7", "size": 738608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d2eef073cfe342424dc5037aaf80a9053d856c48", "file_type": "modified_file", "id": "file_195", "md5_hash": "a1f1d47ce549e3030af0fc7ebbf1ddf4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\normal.dotm", "sha1_hash": "d2eef073cfe342424dc5037aaf80a9053d856c48", "sha256_hash": "69560b53a62f017be4dadda81b79f7dba384f6490bb5d89ac254025c73babf0e", "size": 19584, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9b1d3550bf89fc2d0a150f65b08e60d23bf7d68f", "file_type": "modified_file", "id": "file_197", "md5_hash": "4125923df0d5c4f8c5f8fbe6d953f890", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for basic flowchart.xltx", "sha1_hash": "9b1d3550bf89fc2d0a150f65b08e60d23bf7d68f", "sha256_hash": "845e7fae5297ef9160843a26088ade29b34791d1519c009e5c138b9d09550015", "size": 110480, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/401063e54ac2fca064d0d62d5508936da4353ce6", "file_type": "modified_file", "id": "file_199", "md5_hash": "06be6a0f948f33e4925148ac17e57a7a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\process map for cross-functional flowchart.xltx", "sha1_hash": "401063e54ac2fca064d0d62d5508936da4353ce6", "sha256_hash": "467b8d5fb7efee0fee5eb90b0b376d01b47ce3449f0806bd23258b9d4b4040a7", "size": 145264, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/754bae77c4fbde31bbf4f9cd7f01522a923a1b10", "file_type": "modified_file", "id": "file_201", "md5_hash": "47157eb06e51d5598d4e50d3ffdce68c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\stock symbols comparison.xltm", "sha1_hash": "754bae77c4fbde31bbf4f9cd7f01522a923a1b10", "sha256_hash": "000bf1b2ffae653fc0165337f881adb2bf84dce78848b89740d892e5c62e5075", "size": 1459616, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6ec7ee5763c5da5388cc640811d7719cb3d74c66", "file_type": "modified_file", "id": "file_203", "md5_hash": "e855d4238bfb403c0e8a9a8ce692374d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\templates\\welcome to excel.xltx", "sha1_hash": "6ec7ee5763c5da5388cc640811d7719cb3d74c66", "sha256_hash": "7bb0213fbe8377d4a2ad86fb472f7348c3327bead9afd7b7c7a103d2317f2709", "size": 495280, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/34f5af6657e94adf4abb54bdc7033d7498ba1020", "file_type": "modified_file", "id": "file_228", "md5_hash": "928f5eddd1ad2f0d337d43e0255ac530", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg", "sha1_hash": "34f5af6657e94adf4abb54bdc7033d7498ba1020", "sha256_hash": "c7e3a962018b3fe78fd6992cba2e16db651ffad02d178b1aa453cda36c94100f", "size": 75936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/55494dbf28e2c893ddbf05315376a48e9042cc8b", "file_type": "modified_file", "id": "file_231", "md5_hash": "1a5c5b11fb72d3f1a229d3502ee42617", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mj7j-r46l5.pptx", "sha1_hash": "55494dbf28e2c893ddbf05315376a48e9042cc8b", "sha256_hash": "e98a3429769c1c5e7c25bdfe73bf05b48de0ded074257393d762a5b6d0555b8a", "size": 47872, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d57943b008b3cdccec058f84199cfd83da2959d5", "file_type": "modified_file", "id": "file_233", "md5_hash": "5d41e1436cb152465ca01f00ef2e86ba", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mldkkprkrb.mkv", "sha1_hash": "d57943b008b3cdccec058f84199cfd83da2959d5", "sha256_hash": "803550b48b231e0d3a8857c12e93eb9adba2dcdd59dd1388ceaaa52850da90f3", "size": 23760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/63a856991bfd691bff8ee577668c09504ad4f460", "file_type": "modified_file", "id": "file_235", "md5_hash": "2a49933dba48b24d252de021e4413c12", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mmsanu.wav", "sha1_hash": "63a856991bfd691bff8ee577668c09504ad4f460", "sha256_hash": "67dd7bf30a073152cd6c49d9576c0e61ad49ee2c6cc73e098f9d45814786a201", "size": 73536, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f94ad6ebc41a5518eeb48b683896ca132753a07b", "file_type": "modified_file", "id": "file_244", "md5_hash": "63368ee730c3a277e09a80617cbd5e38", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\addons.json", "sha1_hash": "f94ad6ebc41a5518eeb48b683896ca132753a07b", "sha256_hash": "9d9b1f87ce8404f1c281d58a3e4f48c97c5f53e197c9dcf91a07095e86bffefd", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a610ac512fbd42c8bf0c937353c73126d7cfc86b", "file_type": "modified_file", "id": "file_246", "md5_hash": "95e6ddee73cb0be4cacbdf0c5e64c3bf", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-addons.json", "sha1_hash": "a610ac512fbd42c8bf0c937353c73126d7cfc86b", "sha256_hash": "0a9c87662454702d945325d4cd48ca883193dc964cbe3774f4e2cb5805d68405", "size": 460832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/67bc366aef9829e1d1a6874733fce749848d2db2", "file_type": "modified_file", "id": "file_248", "md5_hash": "18c18310a1a4b578b24ab7ee03225b37", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-gfx.json", "sha1_hash": "67bc366aef9829e1d1a6874733fce749848d2db2", "sha256_hash": "963b33dbe8ac26086924d94d1d02b72b5e84247b365c152de45855aebab3cf86", "size": 28496, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d62a36592e1c94125f35ea92ba1c5a0ba8958e0f", "file_type": "modified_file", "id": "file_250", "md5_hash": "3c4ba43c591d9a995a4e14849e15213f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist-plugins.json", "sha1_hash": "d62a36592e1c94125f35ea92ba1c5a0ba8958e0f", "sha256_hash": "aae79e221d6bc7dd501e061dd79541549be7165c14a27ae96319c9a1f267ef86", "size": 201936, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cbd0f640b7f5804c895cf543ed8ffe41f9c0fa0c", "file_type": "modified_file", "id": "file_252", "md5_hash": "b42b628d5dca2a4c49434b6a03522809", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\blocklist.xml", "sha1_hash": "cbd0f640b7f5804c895cf543ed8ffe41f9c0fa0c", "sha256_hash": "e14c1f0a75916f47f02d9f55f8107cb2c831bf6db11efa35bf69d1429744427d", "size": 258480, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c1558a6fd950db3d38afb6e700a4ab3caa7c1f70", "file_type": "modified_file", "id": "file_255", "md5_hash": "613a30081b1b9ada852e29802a034ed2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cert8.db", "sha1_hash": "c1558a6fd950db3d38afb6e700a4ab3caa7c1f70", "sha256_hash": "f54950d4b656f6c0b8846bb7047a674992f36cfb74feaffcbd9358861e440642", "size": 98832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f8b0868bb023bba1f9abaaa64f7dcbeeff6a7a7b", "file_type": "modified_file", "id": "file_257", "md5_hash": "2a3c3b66601c50e814b219717edf86aa", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\compatibility.ini", "sha1_hash": "f8b0868bb023bba1f9abaaa64f7dcbeeff6a7a7b", "sha256_hash": "6272ad9b4882b06d8a5a652ea5abd52fe3fbc4e799a030a262cc65906cf10ba9", "size": 736, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/278c9a3ffda0cde9caa393614b2d4dbf16a789eb", "file_type": "modified_file", "id": "file_259", "md5_hash": "b47b6db7d02994ee9f6bf90c1d2e3f5a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\containers.json", "sha1_hash": "278c9a3ffda0cde9caa393614b2d4dbf16a789eb", "sha256_hash": "ddc48214681a881253769f711fe50152ac977857e330e209e150e69bc467a4a6", "size": 1344, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/eb3e164e64150a19f969534a0e2b1bf95ea0b6ea", "file_type": "modified_file", "id": "file_261", "md5_hash": "f35e400158ea44277e5a8bb7c1a485fd", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\content-prefs.sqlite", "sha1_hash": "eb3e164e64150a19f969534a0e2b1bf95ea0b6ea", "sha256_hash": "693709460fbc64459a073c75b7884154e8d8ad3167bc9cb72862a20421a3820e", "size": 229904, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b7fab54eafe8660767e4a2dcc11ad89c10acb231", "file_type": "modified_file", "id": "file_263", "md5_hash": "4864d87fd4fafa8706618691582d50eb", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cookies.sqlite", "sha1_hash": "b7fab54eafe8660767e4a2dcc11ad89c10acb231", "sha256_hash": "37aaf1db4f046763e91f881840cdca0454bb317906fa2394a42cdae2d07f233c", "size": 524816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/383de7459c1c35baf6beb7e7e6e4f165185a4395", "file_type": "modified_file", "id": "file_270", "md5_hash": "7c081fc791cf3be85b4e2dafe3aab389", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\session-state.json", "sha1_hash": "383de7459c1c35baf6beb7e7e6e4f165185a4395", "sha256_hash": "dff105a193540e215cdafbc559d7cec184f9f50d942ada29dcf763bb51d00597", "size": 672, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b29ac0b83eb704bba13d503577684c047d506bac", "file_type": "modified_file", "id": "file_272", "md5_hash": "de383ebb4d7ac5e53d6a9e1ef7e7429a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\datareporting\\state.json", "sha1_hash": "b29ac0b83eb704bba13d503577684c047d506bac", "sha256_hash": "fa423e9f4c4ad6755daad03d9927de43db5f2a62376834db23f4fdef0a26ad4e", "size": 592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1655556dbcc057caaf173dbdf8b7aa8759b86cad", "file_type": "modified_file", "id": "file_274", "md5_hash": "1158e7c90296ec9bf67c228d6f3c82f3", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.ini", "sha1_hash": "1655556dbcc057caaf173dbdf8b7aa8759b86cad", "sha256_hash": "c676704ab822a77ae4638152c45d22798310b7591864f62771d0a344103fd9c8", "size": 720, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8978fc01f9c0d629b201bca3560ece8546e2a9da", "file_type": "modified_file", "id": "file_276", "md5_hash": "4a11ded0abd05200164f479de2f050b0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\extensions.json", "sha1_hash": "8978fc01f9c0d629b201bca3560ece8546e2a9da", "sha256_hash": "aa8ba1f603ffe755fc757dd6e1b16eb10a1ccfdaffb159dfc3c51ff8f4814315", "size": 6464, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f5fb3a92b9593a2129221d2e869d0b0292de1ddd", "file_type": "modified_file", "id": "file_278", "md5_hash": "0b72679469ad78247f075472f7d44d45", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\formhistory.sqlite", "sha1_hash": "f5fb3a92b9593a2129221d2e869d0b0292de1ddd", "sha256_hash": "ac4a10e90c1be5404f34a37edbdf08924a72967e116c947504a0f0c510034eb5", "size": 197136, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e4fce1eb219d8d304812b53bd1427490097907ea", "file_type": "modified_file", "id": "file_284", "md5_hash": "fe0449f06ab00664525baf7d99f7098f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-gmpopenh264\\1.6\\gmpopenh264.info", "sha1_hash": "e4fce1eb219d8d304812b53bd1427490097907ea", "sha256_hash": "ae444fe438ee798026241438896f04a859b3e3a129842725a03e29675c407108", "size": 656, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/69e7fd956893ce2990e1ddea955023280f711a97", "file_type": "modified_file", "id": "file_288", "md5_hash": "3348a379c9cc128bf216fa79ff4859f7", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\license.txt", "sha1_hash": "69e7fd956893ce2990e1ddea955023280f711a97", "sha256_hash": "deb183b3ea1f5d8c4b6e3eadee0478c70fba58d3c4df8d66d1db25a6e76a1d39", "size": 1008, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/98d538e377c2f5c20ad739a72bc5f18c7b261d68", "file_type": "modified_file", "id": "file_290", "md5_hash": "ff04887dc37b6731a048ece8ff32fb8f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\gmp-widevinecdm\\1.4.8.903\\manifest.json", "sha1_hash": "98d538e377c2f5c20ad739a72bc5f18c7b261d68", "sha256_hash": "6f92acd43145cc497ca677d6cd183e5d99b06abf534dbad3ba12c797c96b4d68", "size": 880, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6c753754225579ccf0964dad36af8dd673a729bc", "file_type": "modified_file", "id": "file_292", "md5_hash": "19198bf743d858949597941a7667772d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\key3.db", "sha1_hash": "6c753754225579ccf0964dad36af8dd673a729bc", "sha256_hash": "1d72a7021ec432f1fb582d0c23b0a650c95dbc89b37623af7d333a2f39c26e11", "size": 16912, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e9a2e3141c16a4e114f078e88add801d9161f76d", "file_type": "modified_file", "id": "file_294", "md5_hash": "6cef10510eb4d85cc1a32afa2c95b78c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\kinto.sqlite", "sha1_hash": "e9a2e3141c16a4e114f078e88add801d9161f76d", "sha256_hash": "6da159242cbbe8e6802e87c144afaee3b935142d8e9d3ad3ec15b16ff8c3a92f", "size": 1049104, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/61cedf727326bc6baf97f26a7ff7fc0dbd1b5186", "file_type": "modified_file", "id": "file_297", "md5_hash": "5dd5df4019efab4438f5c144f24728b9", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\permissions.sqlite", "sha1_hash": "61cedf727326bc6baf97f26a7ff7fc0dbd1b5186", "sha256_hash": "4c3b4f13857f461d004c53d1f42019c9571e5321e86954d066885a88f7494cca", "size": 98832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1ba8034558d85940390c10caa7b2ab09dcada2f5", "file_type": "modified_file", "id": "file_299", "md5_hash": "3ab16d235b46fffed29dda7fe31787a0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\places.sqlite", "sha1_hash": "1ba8034558d85940390c10caa7b2ab09dcada2f5", "sha256_hash": "8b95953b69d7ff6000349477f52fd40a2cb515d08e8620adac189ebc7b58cb3e", "size": 10485760, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ecae0a478653ef771a197e00452ac03a2c9ebf12", "file_type": "modified_file", "id": "file_301", "md5_hash": "162a464f975f993c02ff5de49fe6a2b4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\pluginreg.dat", "sha1_hash": "ecae0a478653ef771a197e00452ac03a2c9ebf12", "sha256_hash": "f2881afc2955788c621332c75bb71ad9fc506ef5787b23a15043e1e7842d97e0", "size": 1104, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/81a0774f64a853bda4f96cb42d9d1d5192faa475", "file_type": "modified_file", "id": "file_303", "md5_hash": "839d9a66603b13b7100d7fd075ecde59", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\prefs.js", "sha1_hash": "81a0774f64a853bda4f96cb42d9d1d5192faa475", "sha256_hash": "b29027e15fe4483662d5ac2afcfd6dc1d15b16290b74efed77144ef0e7b699b2", "size": 12000, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/79856813a976809b7a141665745bc723fbf3af07", "file_type": "modified_file", "id": "file_305", "md5_hash": "45b97e176b42c7ae086b7b03029accd1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\revocations.txt", "sha1_hash": "79856813a976809b7a141665745bc723fbf3af07", "sha256_hash": "19167bd47a5e3b0b3e7164a05ff42024a1eedaa6db483303c62b918941a85bf8", "size": 21952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0ef3e6633d416d4d6b2ed46c12c7e59313936fc5", "file_type": "modified_file", "id": "file_308", "md5_hash": "2001bfd869409aea96b4cf4e1f65ee67", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\secmod.db", "sha1_hash": "0ef3e6633d416d4d6b2ed46c12c7e59313936fc5", "sha256_hash": "b44ab5c2c2912d3a68c285fb0b4ba224ba2e9ce6d471872d0f6a17c10a584220", "size": 16912, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f1fc2a755f082783eab12953878c7af32bc8bead", "file_type": "modified_file", "id": "file_310", "md5_hash": "3c427b245983dca52645773e536fc82b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessioncheckpoints.json", "sha1_hash": "f1fc2a755f082783eab12953878c7af32bc8bead", "sha256_hash": "78b76d62144692eeba9190289494dbc3f421089d423f36b91cd32dc1caf2ea4d", "size": 816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cb31ffbb450e8129fbe6ebda11e5e793a66ed43c", "file_type": "modified_file", "id": "file_313", "md5_hash": "a65d3e11898c7c575d3dccdd364a7486", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore-backups\\previous.js", "sha1_hash": "cb31ffbb450e8129fbe6ebda11e5e793a66ed43c", "sha256_hash": "3ded70e20fab2e198fe845d80a133036f3bb13bccc85c8ba555520dcd31cc4f6", "size": 171872, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b880d6ec174e9bc8699aa22cf067311e89a2f0f8", "file_type": "modified_file", "id": "file_315", "md5_hash": "5e613b2b8b410f7e91a31cde38585305", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sessionstore.js", "sha1_hash": "b880d6ec174e9bc8699aa22cf067311e89a2f0f8", "sha256_hash": "53d04e36c7fc49fe215fe947f98bfaf398b2f101046b53f2fe43575f3ff5a4df", "size": 1520, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3c120c5f836e81287a81d560e4ccb64e95d6b00b", "file_type": "modified_file", "id": "file_317", "md5_hash": "041f6ac7e85658c83cb4d1d92a8b22aa", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\sitesecurityservicestate.txt", "sha1_hash": "3c120c5f836e81287a81d560e4ccb64e95d6b00b", "sha256_hash": "9fca5af3190c6763539910f1a10020c260a45795c3da6f92225bddf177efaa98", "size": 2464, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/22efbf16fe06abb5007b6b7d9d792af433373336", "file_type": "modified_file", "id": "file_324", "md5_hash": "68f90dc52361ba8b54c5692208616a49", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\chrome\\idb\\2918063365piupsah.sqlite", "sha1_hash": "22efbf16fe06abb5007b6b7d9d792af433373336", "sha256_hash": "a2549c70334b67550eea1a49316375293f1d4f536071bd072783c2b24715545a", "size": 49680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2a983860a398b83a0bceda217b22d27d4c4fa600", "file_type": "modified_file", "id": "file_330", "md5_hash": "9fd26e3c40ca850bf1d4437feeb3bd3d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage\\permanent\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", "sha1_hash": "2a983860a398b83a0bceda217b22d27d4c4fa600", "sha256_hash": "c54caf1b4643adc5658dadcc45d57de9a9c43e05e3ba5843c91142aa541ecf77", "size": 49680, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/71b4300eef8051ae71947bee7acf228e805a9e4f", "file_type": "modified_file", "id": "file_332", "md5_hash": "af6f889ecbdfd677431a5616c96721ff", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-1462094071-1423818996-289466292-1000\\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b", "sha1_hash": "71b4300eef8051ae71947bee7acf228e805a9e4f", "sha256_hash": "9ee4a265dda07081ee7610d3961f4b358a27e71773130b7ff302b74aad22382f", "size": 2205, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6aa4f6180ed1c9c3842dc1f98f04c493b6aa06e4", "file_type": "modified_file", "id": "file_333", "md5_hash": "c5affe17659f4678b3b1db8895f8a15f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\gy9r3u9a\\curl[1].htm", "sha1_hash": "6aa4f6180ed1c9c3842dc1f98f04c493b6aa06e4", "sha256_hash": "8a9bec677501bce2a23cd916993eb4cda61de5558ca7a8d7c1b6c7bf7fac2d3a", "size": 5709, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bf9eb984a0f2e916aa8a30e0489deab28c5209d8", "file_type": "modified_file", "id": "file_334", "md5_hash": "340d913d43779ca4eca5063e73d6385e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\themes\\cachedfiles\\cachedimage_1440_900_pos4.jpg", "sha1_hash": "bf9eb984a0f2e916aa8a30e0489deab28c5209d8", "sha256_hash": "0563766b6648a1bf9149b1144b2f65408dfdea38926379fdd4dd33d853ca3162", "size": 75648, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cf6322306317c5a27e5c0f7a0da3f3f9232b34a3", "file_type": "modified_file", "id": "file_335", "md5_hash": "6f2a52c09fa7f6d3c69675aac90d37a0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\storage.sqlite", "sha1_hash": "cf6322306317c5a27e5c0f7a0da3f3f9232b34a3", "sha256_hash": "1d510585ce43f029a70421c6bded60edf95f921b514cd618216e76c74a79134a", "size": 1296, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f906dd014a476dd5caf67028cc455ba030bbbbf8", "file_type": "modified_file", "id": "file_337", "md5_hash": "c13e394d8c873033447ffaf34c811ba2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\times.json", "sha1_hash": "f906dd014a476dd5caf67028cc455ba030bbbbf8", "sha256_hash": "07766239384fcb6dd9f632361e234f384b04613057e88eb8cb417277f459eb12", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/94bebb8ad09222b7af1e7a089a05355f4293c99c", "file_type": "modified_file", "id": "file_339", "md5_hash": "bffd156531792f40cefa19e057dad558", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\webappsstore.sqlite", "sha1_hash": "94bebb8ad09222b7af1e7a089a05355f4293c99c", "sha256_hash": "52019841567ab9acf3eb39cbbf861c57418c104b145d251a24fcc3512061f0d8", "size": 98832, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/e6c1100157864135373cad6ade9a053376cf4a25", "file_type": "modified_file", "id": "file_341", "md5_hash": "52edb27b678a1423cc5a7c395ef9608b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\xulstore.json", "sha1_hash": "e6c1100157864135373cad6ade9a053376cf4a25", "sha256_hash": "6fdd876dfa1b9c30e419ad3dac18e8faadcb0da33de2a40127889af556643697", "size": 1360, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d7f6f8a7815a14efdebb2754040e8fb73a347ca3", "file_type": "modified_file", "id": "file_343", "md5_hash": "f9b2be39da460d7ba7d475b20ccfc59d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles.ini", "sha1_hash": "d7f6f8a7815a14efdebb2754040e8fb73a347ca3", "sha256_hash": "f21a073bcdaf73514ec6a0d7fb9853713a03cd18e575bfa4da5d14b8d2be2d6f", "size": 656, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fd79e1963a73ef30addd8b225fb4e4d06ffe92cf", "file_type": "modified_file", "id": "file_345", "md5_hash": "d57dbcbf6a88104beb63b936dc523e3b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\pp7pzivznjg.gif", "sha1_hash": "fd79e1963a73ef30addd8b225fb4e4d06ffe92cf", "sha256_hash": "7c5a6e99c73e948a038c9dbf2a891c7187ce76c70345848e84bbff30905777b2", "size": 72896, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/58b7c5d30ed9df0fe283aba2f368b826337e28f3", "file_type": "modified_file", "id": "file_347", "md5_hash": "e0c6b057994cea53aca5f8f94498c0d8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\py_6.pdf", "sha1_hash": "58b7c5d30ed9df0fe283aba2f368b826337e28f3", "sha256_hash": "76baf9d9a12200bc983502dcf8c274adb689a8bfe65c21c3d8a4827d6bcc0dac", "size": 12224, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2c5edc2e66f4f46a812b49b6ae9763714737b001", "file_type": "modified_file", "id": "file_349", "md5_hash": "698b179fa80e5f6a2e6e5b2c882fa516", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\qvlruvqbw5.mp3", "sha1_hash": "2c5edc2e66f4f46a812b49b6ae9763714737b001", "sha256_hash": "00d687b4f63a0ca65f90a85e6cb6d8c619984eb5e5d325897db9445a3828bf95", "size": 33456, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/c17f1563210af31c488a83d1c55526b7db443428", "file_type": "modified_file", "id": "file_351", "md5_hash": "dba97cfd81384dade62415ad23075d8e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\rdjeorfwlmiukr-wj-g.mp3", "sha1_hash": "c17f1563210af31c488a83d1c55526b7db443428", "sha256_hash": "9b03c0a4a0fa330d1c9ded547ac823b245a0597844845652f7dae41d7d48e455", "size": 28592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dfb94d643f80ba5350ad74277ae2bd3364b93173", "file_type": "modified_file", "id": "file_353", "md5_hash": "10585553cebfdd919b6ac2566eac0528", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\s-oozle.avi", "sha1_hash": "dfb94d643f80ba5350ad74277ae2bd3364b93173", "sha256_hash": "954c159ff12cefe8f56dad1a01c647afc990e76d77e2b42047672e0cc83e6c07", "size": 19776, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b5544585893e5f687bd35b6b75489f5f8ff54464", "file_type": "modified_file", "id": "file_355", "md5_hash": "741bee2e736b4f9430c4880106dc06a2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\sao0lzdqm lb1jo.bmp", "sha1_hash": "b5544585893e5f687bd35b6b75489f5f8ff54464", "sha256_hash": "8e8a8dd1726a2bf6824bdcf0905d20e74a317bfd1d898b2d3a7b15df812e2413", "size": 78064, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6018634d3a55422a1b662358f196b0da7f28ace4", "file_type": "modified_file", "id": "file_357", "md5_hash": "e00bfaaa0bda8ae0bcc8759e6438bd98", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\skype\\roottools\\roottools.conf", "sha1_hash": "6018634d3a55422a1b662358f196b0da7f28ace4", "sha256_hash": "c1d825c97c241f7a29f8278f3beb441b99a76ede63b760e136c7f3e333baec9c", "size": 608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f119dedf61c417e1809dbc6de57d93d5e264ed9f", "file_type": "modified_file", "id": "file_359", "md5_hash": "9adbbbed445282b7c1374621cc0c30b5", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\srk1.flv", "sha1_hash": "f119dedf61c417e1809dbc6de57d93d5e264ed9f", "sha256_hash": "66fc505324a7d415fa2550ee6ccc2adc00b6a64de4e9669043638978893ff75e", "size": 68960, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/df8706892164e938506756ed8a1fe5aa0ab469dc", "file_type": "modified_file", "id": "file_361", "md5_hash": "a39a82e1744b9603dc631703b82f092e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\ufabmkau-rjobgodjy23.swf", "sha1_hash": "df8706892164e938506756ed8a1fe5aa0ab469dc", "sha256_hash": "478cb831a5c381593a3ef08eff9f576b0fa74712e6144472728089f5267d77cf", "size": 24176, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dbf064c04dfff84e7e622733378542c81151869a", "file_type": "modified_file", "id": "file_363", "md5_hash": "47b32f582829fc149c1ad975f7671b66", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\xdfxtyw.m4a", "sha1_hash": "dbf064c04dfff84e7e622733378542c81151869a", "sha256_hash": "36dde405c3e3f3dafcf4e55a9414f9401ac1ac175daaa26d773f74b3c4f8e473", "size": 94784, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/85fa1bb9d2696df770fb46a4b9a2685319df9ac7", "file_type": "modified_file", "id": "file_365", "md5_hash": "0eeb629f0eb9412ff0738d93418d1c9e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\xx9l.avi", "sha1_hash": "85fa1bb9d2696df770fb46a4b9a2685319df9ac7", "sha256_hash": "602d3244d848e5752a29fe638b65cccfcd85a49e30b2aafc7901ec1968b3d80a", "size": 76032, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2412d3f539c38b8285928b16525d9c40b54481f8", "file_type": "modified_file", "id": "file_367", "md5_hash": "4fe96b1e09829e3f42ecd021c3e85d10", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\x_3ykeu9f6ozxw.swf", "sha1_hash": "2412d3f539c38b8285928b16525d9c40b54481f8", "sha256_hash": "37e5d8f5f86f9ebdbe1ddf77bab3791fa4bbdd350bc83f11e37f62ec4340a6c5", "size": 4592, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/cad5ffd351dcdf6d5ba4ff8d6142819251da7d2c", "file_type": "modified_file", "id": "file_369", "md5_hash": "6452ffb3827cb5556b4c6355c9c28b6e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\yzrhhbr e0en.wav", "sha1_hash": "cad5ffd351dcdf6d5ba4ff8d6142819251da7d2c", "sha256_hash": "4d09c75cdfbccfa2ef93806551cd707400cd44990fa0addf71434d57052f5e81", "size": 23264, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/77ad0642cbf80dc0453d54cf1dab63ef8105d0bb", "file_type": "modified_file", "id": "file_371", "md5_hash": "f777816652dd4210dafcbddd17ce9415", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\z5f8f.pdf", "sha1_hash": "77ad0642cbf80dc0453d54cf1dab63ef8105d0bb", "sha256_hash": "188425c773868fdd14e52b6f2b2477525e4cd3bb434fc38e238552c68663ef44", "size": 48160, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/856ba41045c8395875d330d9571a48b325ce4166", "file_type": "modified_file", "id": "file_373", "md5_hash": "2b1714598076b3960ed27c2d3b9f6d2e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\aclviho asldjfl.contact", "sha1_hash": "856ba41045c8395875d330d9571a48b325ce4166", "sha256_hash": "c4d0cd2a3f823e017690af78baeb16cc121bc588dba8f1b2ea939e2fcf3d4053", "size": 1712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/203aaf9efa41dad37802d11fe8daa25dfe2880f1", "file_type": "modified_file", "id": "file_375", "md5_hash": "4f8ab5551de4b63418f33c793b55d29e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\asdlfk poopvy.contact", "sha1_hash": "203aaf9efa41dad37802d11fe8daa25dfe2880f1", "sha256_hash": "1dfde3fe4e5134211e9c5311311045118d22959bc71cb0ba664efe9bbe34fc48", "size": 1712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6409c597cb6ad5f431902d89d556d5a6e3611400", "file_type": "modified_file", "id": "file_377", "md5_hash": "ef62f6e9e42054153de73c873b2e377e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\chucu jadnvk.contact", "sha1_hash": "6409c597cb6ad5f431902d89d556d5a6e3611400", "sha256_hash": "b269b2d672db2bd36d0bf40c6440e7e23de1072c94597445f82c8b2a10ab5ebb", "size": 1712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0617e004cd7d582ceed897f2e66acc2413bd435d", "file_type": "modified_file", "id": "file_379", "md5_hash": "ae6f0f8df15f844656f13f8e1eba2209", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\lulcit amkdfe.contact", "sha1_hash": "0617e004cd7d582ceed897f2e66acc2413bd435d", "sha256_hash": "2c6328770748881c9ea17cbd97c22ed5a149d0918032da82789a9869181050fb", "size": 1712, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7d5ae2df99f784c930b4fbc84c65064b56074f41", "file_type": "modified_file", "id": "file_381", "md5_hash": "72f57c6c885b18c9ad1e97f7530db5d5", "norm_filename": "c:\\users\\ciihmnxmn6ps\\contacts\\sikvnb huvuib.contact", "sha1_hash": "7d5ae2df99f784c930b4fbc84c65064b56074f41", "sha256_hash": "9914b535d048c4596854f57efe89cef04f32fc68741147d226f81734ac32fbe7", "size": 1840, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7541d650523036993cabf3fdf89e41eefdd6c74b", "file_type": "modified_file", "id": "file_383", "md5_hash": "b95857b0b180b1b3b086a7861ddeaa7d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\-__krkwudncw7vix_s.wav", "sha1_hash": "7541d650523036993cabf3fdf89e41eefdd6c74b", "sha256_hash": "cf570f6643c64a1721afd8b0de34c84316939d4083e074f20abd90a3a821bdcb", "size": 52416, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1a01784e9062b03e20f94295fb5c715d81997775", "file_type": "modified_file", "id": "file_385", "md5_hash": "38ee62682ffe9ac583b2dff019f52d5e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\8g6mia 6.pptx", "sha1_hash": "1a01784e9062b03e20f94295fb5c715d81997775", "sha256_hash": "3ccd1425c07d594aafa0e6409ddcf353a49796500ce6ba5d976567e7d0235e04", "size": 36816, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/68fa51b8a08f5f3a10f708819f826e043e98a8ff", "file_type": "modified_file", "id": "file_387", "md5_hash": "c6136a90fcead756bd15ce909ebf17a3", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\0eert0ljww1qhv\\lfbogup.mp3", "sha1_hash": "68fa51b8a08f5f3a10f708819f826e043e98a8ff", "sha256_hash": "2f24d74efbe540ac507c5e3ff4ff1edc3043f78bc525acd1b5e5a2bf7b5592b8", "size": 75952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4886bd5d287310cc988664b2b1c71ea4450bada2", "file_type": "modified_file", "id": "file_389", "md5_hash": "5311bfb29d17a6f43408b9ba889c684d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\ntuser.ini", "sha1_hash": "4886bd5d287310cc988664b2b1c71ea4450bada2", "sha256_hash": "c5caf30250e61f4947d76f63620c2356341ff52983d9982e885ba4fc8a13e7bf", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a236d8b07f31db873248ea3479d4492cb94be4a1", "file_type": "modified_file", "id": "file_391", "md5_hash": "c10a7c96545d0a2036182e6dd9b1f77d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\ie\\gy9r3u9a\\curl[1].htm", "sha1_hash": "a236d8b07f31db873248ea3479d4492cb94be4a1", "sha256_hash": "5295a5a829000e27c6ae487074604047efdd7e09707f2020e3c7e51a862ab805", "size": 9, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bde20cb138730f7f32e35bb3f22d5bd6e13ced64", "file_type": "modified_file", "id": "file_392", "md5_hash": "15827431a1e69c0a146ab23b0a34c7a1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\crypto\\rsa\\s-1-5-21-1462094071-1423818996-289466292-1000\\46a78fa46b43fb180b4fa21773f8ff3e_427a1946-e0ff-4097-8c9e-ca2c1e22780b", "sha1_hash": "bde20cb138730f7f32e35bb3f22d5bd6e13ced64", "sha256_hash": "4152d45ee338fcd3a5d9d8f814736b83dc793d9ed65ef5708807d764d2a5585c", "size": 2205, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fb052b9a5ef4e1615a710bb53f752d37a9419764", "file_type": "modified_file", "id": "file_399", "md5_hash": "0fc7061e0eb376d2b0acbad381f47fdf", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr.dat", "sha1_hash": "fb052b9a5ef4e1615a710bb53f752d37a9419764", "sha256_hash": "406a7bf9b71455f12d35992195d5c07118d73d8859806a5a3e104ded75758464", "size": 54112, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/0a0ddf8b74c5d38f9587157dca9fb33e6750f030", "file_type": "modified_file", "id": "file_401", "md5_hash": "132bbc930f049894ccea5871ffe84ab8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\iconcacherdr65536.dat", "sha1_hash": "0a0ddf8b74c5d38f9587157dca9fb33e6750f030", "sha256_hash": "8364e5a9e4410c14a887d43e44d51c1aea63ec5ad44c2c97a718e9ba8580e840", "size": 184608, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/3375b3ff827228a9f97ee756c354cdfc384886bb", "file_type": "modified_file", "id": "file_404", "md5_hash": "bf882920036a75cb92c792306f46e5ec", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\adobe\\acrobat\\dc\\usercache.bin", "sha1_hash": "3375b3ff827228a9f97ee756c354cdfc384886bb", "sha256_hash": "8ab70fe4905f49f8d0d84d2baf791e58cdaa3f63ececf6f63fb5526aeedc32ed", "size": 63952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7ee6a0f0270db05edbf912974c4cfa666d8a9557", "file_type": "modified_file", "id": "file_414", "md5_hash": "5d38e9224946a9e3c203e6c37f5331f7", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\adobearm.log", "sha1_hash": "7ee6a0f0270db05edbf912974c4cfa666d8a9557", "sha256_hash": "6b9dc2d85598d87b21466a4837eac9b31ab7a9478d541dfa307a8a6be8d864a4", "size": 1232, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/145d9ca3e2032073ddc3f0a297b10d479025da11", "file_type": "modified_file", "id": "file_415", "md5_hash": "3bf4de62d5ecc6299d86cb914df154e4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\armui.ini", "sha1_hash": "145d9ca3e2032073ddc3f0a297b10d479025da11", "sha256_hash": "eb77ff5b42593075218ff67884a0ada3260a482cf7bb4d8ca1b6393ab5971516", "size": 257952, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/bed8ed9bb9da598d3764ac44908d0538dca75db6", "file_type": "modified_file", "id": "file_417", "md5_hash": "b4376a13dc0ef32795c0cd127aa9ba58", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\fy0zs5d.rtf", "sha1_hash": "bed8ed9bb9da598d3764ac44908d0538dca75db6", "sha256_hash": "7a76fa1378067d4ad893ea72f9fa8fcec388006bd76a89dd139bfbab9ea982b5", "size": 34640, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/2be215eba0ccc3b11c75e4b79b223c5d1f1222e1", "file_type": "modified_file", "id": "file_418", "md5_hash": "44d69685bfe799614b7ce1309bec6c58", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\l0cggz.mkv", "sha1_hash": "2be215eba0ccc3b11c75e4b79b223c5d1f1222e1", "sha256_hash": "4d2d6b0642655be638e53d79303045ca1e067dfc496a38484006452ea244cd3e", "size": 5440, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/41ad042c6e4d239dc3ab5d1e1afedc4d8003e718", "file_type": "modified_file", "id": "file_419", "md5_hash": "5e0ad431fc81650f8e806c3a7850912d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\peyv.bmp", "sha1_hash": "41ad042c6e4d239dc3ab5d1e1afedc4d8003e718", "sha256_hash": "ee7a9547438b54a799ab81473bcc68618a885979f73f1b7b90168dfd0ca288a9", "size": 62176, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/04d3b9898eb212585493f55f5158f7a165a24f84", "file_type": "modified_file", "id": "file_421", "md5_hash": "80d66f640e05a25a0b42763de8a43b32", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\psxl 1.gif", "sha1_hash": "04d3b9898eb212585493f55f5158f7a165a24f84", "sha256_hash": "8d31229fcec80febf56ba63c94b5fa6ee05465866bdc348171962b14c2ad1eeb", "size": 12960, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/d07bcacc187c6db6ecfd29eb2c40a29b07cfe11d", "file_type": "modified_file", "id": "file_422", "md5_hash": "32ae09b304230ed8e10ad94d3399eea0", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\u 7qtcnd.flv", "sha1_hash": "d07bcacc187c6db6ecfd29eb2c40a29b07cfe11d", "sha256_hash": "da2c885143c02b2ab082607addc717d412f4c0a71ad95f0bda8f104a0db46e51", "size": 66016, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/b7eed85264fdf1feb5f88b0c74dc4637335dab06", "file_type": "modified_file", "id": "file_423", "md5_hash": "06c0738b8172a64561722a3286234cc8", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\uwup52bz.gif", "sha1_hash": "b7eed85264fdf1feb5f88b0c74dc4637335dab06", "sha256_hash": "6a77d018608e327a4de7feb6be95f86d425fee95886e7cf4ab2ac43d767b2de8", "size": 31344, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/594698ee95d2d737336ea2ec571049f75d163c55", "file_type": "modified_file", "id": "file_424", "md5_hash": "ab7753a2c7578bdda32ebe81902fdb7a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\temp\\xfno_bfgg.m4a", "sha1_hash": "594698ee95d2d737336ea2ec571049f75d163c55", "sha256_hash": "bc5d1e1b976cd2a1217804ba076ae83cd02a54139ec8515513017b12263ac1dc", "size": 87184, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1039877f8c3232b1c992096d5126b634f2c2616c", "file_type": "modified_file", "id": "file_429", "md5_hash": "b4984e476fc4c3f7a877a610e51e45ad", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\comms\\temp\\calendarcache.dat", "sha1_hash": "1039877f8c3232b1c992096d5126b634f2c2616c", "sha256_hash": "15f2c4dd846a56bacdd0cdcae19df41307ccfd697e24a68c04b21f5e1c5e902b", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/dff08188de9ece1376a7a974be5c1a24c7476b25", "file_type": "modified_file", "id": "file_452", "md5_hash": "2e07a28f72b02f5cc0bc1645a2b2e888", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\clr_v2.0\\usagelogs\\winproj.exe.log", "sha1_hash": "dff08188de9ece1376a7a974be5c1a24c7476b25", "sha256_hash": "dae0a8c3ad7f3d29ae49045651ddb302cc4148e6a94acaa742758f71f192188e", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/8260ff0bbe441a553c9321c33f48cde5b249776c", "file_type": "modified_file", "id": "file_454", "md5_hash": "be73837552d722a0b966186512851a2d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1280.db", "sha1_hash": "8260ff0bbe441a553c9321c33f48cde5b249776c", "sha256_hash": "96890b8cd391992c8c2fab7677e1f1d249c61e03657419f16ab427d33587ada3", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1ef5feec863c57d84a42c49da3374985bd1c87e1", "file_type": "modified_file", "id": "file_456", "md5_hash": "02b73d4b4ef21ab859651f7abcaf34a4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_1920.db", "sha1_hash": "1ef5feec863c57d84a42c49da3374985bd1c87e1", "sha256_hash": "7685c55a93a23bd552e035f7033b71561bef49fa54ac73738ab23ae660abca49", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/75a527cde5716693d77558649190c5ef15e2d049", "file_type": "modified_file", "id": "file_458", "md5_hash": "84524a35d21c292988e364bdc903218b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_2560.db", "sha1_hash": "75a527cde5716693d77558649190c5ef15e2d049", "sha256_hash": "8a3b949396aa32857c0134f79649118751a45735f9edf794e2c341b1ecc85529", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/59a0da56530f5e36cce0846e49e46b05177b9d54", "file_type": "modified_file", "id": "file_460", "md5_hash": "8564beeedec4a7a56e0dc72d2919ce1f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_768.db", "sha1_hash": "59a0da56530f5e36cce0846e49e46b05177b9d54", "sha256_hash": "a18ffb4edc3e53e4f714e449c27dfe68f0bcbe989a21f2cb45b676c7229189d7", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/013c3400ebe04018a8ba05bf96f85a8513926ece", "file_type": "modified_file", "id": "file_462", "md5_hash": "59ab91efdfaff60ceca489faee8c397e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_96.db", "sha1_hash": "013c3400ebe04018a8ba05bf96f85a8513926ece", "sha256_hash": "83d982668329811a4eb6d620b3baa1b5b8cd05e33b9a14da43f197d9c16eb490", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/98399736baba2f252b5b2dfe0c9b6a177b60eb70", "file_type": "modified_file", "id": "file_464", "md5_hash": "5550f3a3faf77ba31ff8cb8aa2452af4", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_custom_stream.db", "sha1_hash": "98399736baba2f252b5b2dfe0c9b6a177b60eb70", "sha256_hash": "25474e6719393a8b65e67085ec53d770d77ecc68cf91fa2581242eb8d92531e0", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/03c52f304dd7b54c7d5a69e2a574811fb5d51193", "file_type": "modified_file", "id": "file_465", "md5_hash": "0a68d4faf0383e77e3f22d60e2d98fd7", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_exif.db", "sha1_hash": "03c52f304dd7b54c7d5a69e2a574811fb5d51193", "sha256_hash": "f683e7c200fc56d71e4f996c6a6564fe583eaa70fbed4f54981eb7b649e1d4a3", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aa909dd16c8dbec90e5cce2960727e66b3a936ce", "file_type": "modified_file", "id": "file_467", "md5_hash": "fada87e3fea81eede92bfea8606fd61f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_sr.db", "sha1_hash": "aa909dd16c8dbec90e5cce2960727e66b3a936ce", "sha256_hash": "efe09c26fd50dd628d3d2a468779d802096219db65b9c692ec6717e645308127", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/5eb9cb1ac9c97a5de583add0e660682ff33c43d4", "file_type": "modified_file", "id": "file_469", "md5_hash": "53a9bfbb45b90e2a41103c35c8658d1d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide.db", "sha1_hash": "5eb9cb1ac9c97a5de583add0e660682ff33c43d4", "sha256_hash": "5ee2f440471473e0075dddc7b952e931ecfcd72a404134991a7cd8398180a6b9", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/fd944a47725230f0b569abb774f7dbb3371727c4", "file_type": "modified_file", "id": "file_471", "md5_hash": "ec0dac0e26f04c20545c25465723c368", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\internet explorer\\domstore\\52uk17nv\\www.google[1].xml", "sha1_hash": "fd944a47725230f0b569abb774f7dbb3371727c4", "sha256_hash": "e399b1ec24ed664e4d67e308a614da031f95ea57df5368ef0daf7cd87f17c9d1", "size": 544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/11d901255b1978b0f98134993f27ef173e2ee227", "file_type": "modified_file", "id": "file_473", "md5_hash": "f0ba071403c582a7ef9044a4343a8742", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\internet explorer\\domstore\\l8oqst1l\\consent.google[1].xml", "sha1_hash": "11d901255b1978b0f98134993f27ef173e2ee227", "sha256_hash": "c6ce6391a34e4c364caaccf95bc3a233d723caa4826842ca74e003067f7dda99", "size": 544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/774b27c8b0864d4a6a804549b687cb9455fffa08", "file_type": "modified_file", "id": "file_474", "md5_hash": "51947ffd5514e151ddcaa4f68e27a8b1", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_256.db", "sha1_hash": "774b27c8b0864d4a6a804549b687cb9455fffa08", "sha256_hash": "e2ae56bfad2ec2fe500c76aeb1f57f11ec16195cd804581b206aca43c2be7e0c", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ea9ed7dc6463a6a9f49a7b1fde156b5c29d9aa9b", "file_type": "modified_file", "id": "file_477", "md5_hash": "04737579390b94fe984d9c857157954d", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\iconcache_wide_alternate.db", "sha1_hash": "ea9ed7dc6463a6a9f49a7b1fde156b5c29d9aa9b", "sha256_hash": "0a1f0b89b51aa6466891a75d4b708651f9dc18699c2b57806f6d9a010ca1dcd0", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1746e7db5ec2152d99dff29363e005852ac18116", "file_type": "modified_file", "id": "file_479", "md5_hash": "27c6858a69cc97bef33ff974c25725f3", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1280.db", "sha1_hash": "1746e7db5ec2152d99dff29363e005852ac18116", "sha256_hash": "60b8b1f171c03bc176c139164d833acc178c85b7b88cb604373f489211e416da", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/1375a7fba96d68184a55c27557c2160cdf45bfec", "file_type": "modified_file", "id": "file_481", "md5_hash": "1b24296c9646ae4016bd39cfc929be01", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_16.db", "sha1_hash": "1375a7fba96d68184a55c27557c2160cdf45bfec", "sha256_hash": "2fa73997efa0fe647cd36d5a9e9155ee8b61836bc720f1d127b6ab0adca807ab", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/127fc146d12a0a941733074ff17cc11acd85d57f", "file_type": "modified_file", "id": "file_483", "md5_hash": "31af4e840b0a8282c753cf861eace6f2", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_1920.db", "sha1_hash": "127fc146d12a0a941733074ff17cc11acd85d57f", "sha256_hash": "da417ac9b52d08c29a13d8653b468ca090bc445287519a9d75ad3bb4c7cd704a", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/aa81e45004a30685536ce97b81ed8eae129a6824", "file_type": "modified_file", "id": "file_485", "md5_hash": "43a53c7ec10033300ac4dd6225d461dd", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_2560.db", "sha1_hash": "aa81e45004a30685536ce97b81ed8eae129a6824", "sha256_hash": "9478cb573628c7389b4dfa7ec33661fda7e142437beeafd22ccf0128fa06134a", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a8743e3dfd5c3262509d3ae3856464d6f692f3fe", "file_type": "modified_file", "id": "file_487", "md5_hash": "600b1818a6d34480d33eea000c277a31", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_768.db", "sha1_hash": "a8743e3dfd5c3262509d3ae3856464d6f692f3fe", "sha256_hash": "a735b431c6ec13c900b4d4228380c0e3170d6674f535ce2618af5ec5af29ba39", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/9314f15f45b9836e66e95c428ad2c17b844df24d", "file_type": "modified_file", "id": "file_489", "md5_hash": "407bc8cee99932182ab3c65f649e911b", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_96.db", "sha1_hash": "9314f15f45b9836e66e95c428ad2c17b844df24d", "sha256_hash": "3e11a32d4553052a05f275d0177301c9ef3dcd50f81061baeb72ab69a508d454", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/6324e7e2fab26c44948155c957bcc8f14832e627", "file_type": "modified_file", "id": "file_491", "md5_hash": "3bf9c336a0b4e1c08b6ef5d1c034e92e", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_custom_stream.db", "sha1_hash": "6324e7e2fab26c44948155c957bcc8f14832e627", "sha256_hash": "eaa66b36e828fcb060da292973b131d1587838ac907bd8379c77930b569753d0", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/ff41569ac29d2c673a37689a9a39ef628bfc4351", "file_type": "modified_file", "id": "file_493", "md5_hash": "4112f9db59c9acfc9e186b3e82efb6c6", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_exif.db", "sha1_hash": "ff41569ac29d2c673a37689a9a39ef628bfc4351", "sha256_hash": "8c4469c907a7e1d75d3ff2e98773e1d1bf5a9331b540134c8c5066bcbcdda0b0", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4cde6c7deeaecd552a9c2ccb3c1b04eb28b64b3c", "file_type": "modified_file", "id": "file_495", "md5_hash": "523e7d518b79763900f2f879fb01e5db", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_sr.db", "sha1_hash": "4cde6c7deeaecd552a9c2ccb3c1b04eb28b64b3c", "sha256_hash": "6e2146344d81eac7e438e3a79c3e8d892e81816b64cc2ba095e09a67bfdeb571", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/7d3c8ac2a9f453dde15c9c34518c21968e16e71c", "file_type": "modified_file", "id": "file_497", "md5_hash": "949084f7925607a890f972e517df979a", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide.db", "sha1_hash": "7d3c8ac2a9f453dde15c9c34518c21968e16e71c", "sha256_hash": "5cd60768718bc04e544a1417dfd2f493748e177fc07050be0d83a1e645e4c856", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/4fc116ae89c7ce8776384ce3b787f0738f5f336a", "file_type": "modified_file", "id": "file_499", "md5_hash": "60c61a888f0573147219df1fda475503", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\explorer\\thumbcache_wide_alternate.db", "sha1_hash": "4fc116ae89c7ce8776384ce3b787f0738f5f336a", "sha256_hash": "7ec88ab19d21863ad0879619651e617ca84d69095d73c69f401e5d9fdc44d29e", "size": 560, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/f570ef64409adbbe5d809ebfce0728234f56d4ac", "file_type": "modified_file", "id": "file_502", "md5_hash": "0631f71880943dfcf057e87692abf03c", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\locallow\\microsoft\\internet explorer\\domstore\\jukmmx7p\\secure-ds.serving-sys[1].xml", "sha1_hash": "f570ef64409adbbe5d809ebfce0728234f56d4ac", "sha256_hash": "1c4a6dcd818db4b9a1d8b1f159aff7eea5746a91a98b0362aca4f6def28482bb", "size": 544, "type": "extracted_file", "version": 1 }, { "archive_path": "extracted_files/a9c28f5f7652f67547a6aed28cf5b749d6a10523", "file_type": "modified_file", "id": "file_506", "md5_hash": "facb92e802657acec0e601099feda01f", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\local\\microsoft\\windows\\inetcache\\counters.dat", "sha1_hash": "a9c28f5f7652f67547a6aed28cf5b749d6a10523", "sha256_hash": "e5bf4e0df2157904a32ea3c903931640cabadbe0cd21b5c4ecced2087d4b1d3f", "size": 128, "type": "extracted_file", "version": 1 } ], "process_dumps": [ { "archive_path": "process_dumps/process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_514", "md5_hash": "551f9adb9dd123f9af9de8cf3d376e31", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0683ac9f8aa4a13a2e226a0d09c1c0255222c5a1", "sha256_hash": "5abfc18a40cfd7af702d1b86e13e8408b112e51f7534eb5f5ad6ce8e884e7c52", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_515", "md5_hash": "d9450c95cfa3f07f6dcf573748c41a76", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e6132110eaa7d837c0d80db0369382dd64a0da3", "sha256_hash": "4c66986ab3dd4e26d1a16cd4a93b2ff695374f35fbe240d268c53ff71f6a1496", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000009-addr_0x0000000000400000-size_0x0000000000027000-perm_rwx.bin", "filename": "process_00000001-region_00000009-addr_0x0000000000400000-size_0x0000000000027000-perm_rwx.bin", "id": "proc_dump_516", "md5_hash": "6cc1bcb1da2d9cd5cdbcdb4662337b20", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d0033db4b01e5342476b73e6614e84c26a786413", "sha256_hash": "48bd11fef1f3bc9e31f600946f78aee1b27eb14b9259bab122b8765761bbe49e", "size": 86016, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000191-addr_0x0000000001dc0000-size_0x0000000000150000-perm_rw.bin", "filename": "process_00000001-region_00000191-addr_0x0000000001dc0000-size_0x0000000000150000-perm_rw.bin", "id": "proc_dump_517", "md5_hash": "6279441e0e24fd8b52dd434d0174a4d7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "409d81a6639c8359203371d54c8b3baece42fbcd", "sha256_hash": "2c75637a58b192383b1369642e73e23385852ef20f06e32d4bbd09c003418ea4", "size": 1376256, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000192-addr_0x0000000000430000-size_0x0000000000012000-perm_rw.bin", "filename": "process_00000001-region_00000192-addr_0x0000000000430000-size_0x0000000000012000-perm_rw.bin", "id": "proc_dump_518", "md5_hash": "497f2dcae603871376fe6b0d78162f35", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18d4b8197868e2758d4efaf3cabfa483f8b7885c", "sha256_hash": "c86ccc573dcb2cddf2e9a7a077764a5bca26c8c87eec872a9944c30f7b4262b9", "size": 73728, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000205-addr_0x0000000001dc0000-size_0x0000000000130000-perm_rw.bin", "filename": "process_00000001-region_00000205-addr_0x0000000001dc0000-size_0x0000000000130000-perm_rw.bin", "id": "proc_dump_519", "md5_hash": "fa1ab9e0d584610378b2a0efc2fcbd59", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c444a03df3c77dc102f6443a9593ba9fd61e59c", "sha256_hash": "02f18108dfb6866e15f96251665c2541d4394e2d16b32fc9a02ffb37d3279958", "size": 1245184, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000207-addr_0x00000000003f0000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000207-addr_0x00000000003f0000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_520", "md5_hash": "0fca442b9b27e8fb61624ae0178e15b3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9a77e67364ab361c3c4717bfebb3922077f6c13", "sha256_hash": "55e4e8776cdda68a91bceb01a11de38a8ad7e2c74f38caca154be8ac555817d9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000208-addr_0x0000000000430000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000208-addr_0x0000000000430000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_521", "md5_hash": "b85616dd94064acf81fd04a2d228ef4b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c89d84447d1a186119560f48ca68e8878356344c", "sha256_hash": "ad3d14a456f10ef94a49cb8feeeb0ae4c0addcbd19c00f2617aba4ee6b642ea4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000209-addr_0x0000000000430000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000209-addr_0x0000000000430000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_522", "md5_hash": "2b9038c9b2ea4e458192b2b10282e487", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b20e2aab8a3c5dd14c647ead3c88a0a49c16213", "sha256_hash": "4c1712309212adb867288e41f88394cdad12f471c5951f3da01309ffdd6c3d27", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000210-addr_0x0000000001dc0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000210-addr_0x0000000001dc0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_523", "md5_hash": "a1502c36bf4fc3cc620c3ed15ca836cd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfe7c8c509fb48a4681d9d4d3279a111169a98be", "sha256_hash": "a1f56d6b5ce71c62ab145f0d1037dce1ae02bba7173615d9c822eacc29a00892", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000212-addr_0x000000007ffd5000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000212-addr_0x000000007ffd5000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_524", "md5_hash": "1504c9f68fa5d783bcbd358b4cefdfd5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a3e5b15bb66c6abaa6757b391401f33c276bf1e9", "sha256_hash": "82ed4656f98574b97ecf4efe158cfeae0efb7b31294272a70daa5317e05a357d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000214-addr_0x0000000000470000-size_0x00000000000c0000-perm_rw.bin", "filename": "process_00000001-region_00000214-addr_0x0000000000470000-size_0x00000000000c0000-perm_rw.bin", "id": "proc_dump_525", "md5_hash": "d512411ffb5755e62fdcf3e62c1fa52e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e7dd51d8e118d68e29defba286636ea0e14b0e8d", "sha256_hash": "beeaf160880977b5a04beb61cc4d4050ef804909b0f74414348c909205371cfa", "size": 786432, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000220-addr_0x0000000000520000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000220-addr_0x0000000000520000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_526", "md5_hash": "1ca37fdba265c6b051049bffb0740928", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "32f1ffecb3535dd723ec3778830cceebb0922e43", "sha256_hash": "8d4646e7b3843c75fcf8b6175573c23a4e7d92e41fc6014172eb770309c5c961", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000226-addr_0x0000000002410000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000226-addr_0x0000000002410000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_527", "md5_hash": "a6f15fad338f9a72bb267264d98cba66", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c4a5e7387c5e32e7006f5b9c12e78667d38d0e5c", "sha256_hash": "4686858cf6afa5b0e6a22473ffb19f539cb7cdf52a579023342bb865f4d6c44a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000227-addr_0x0000000002450000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000227-addr_0x0000000002450000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_528", "md5_hash": "ad96d2560da3a11b9641456d7f630dbc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b64b218e16a362f58b9d3750feeda099a3f089e8", "sha256_hash": "f2f7afb7a160ce06b5f99461d0c74bf0c9a109b8b66e24327d6279a0d172ec93", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000228-addr_0x0000000002550000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000228-addr_0x0000000002550000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_529", "md5_hash": "c304accd61fb1605c14a2f87437c75c0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2d8acc4dd0cbcf5eebf67a1ce3b8b7ebc7089828", "sha256_hash": "2fb4e612bad02534b6ecf7c9bda50732ef6aa3ebdde021941cc60d295a36933a", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000229-addr_0x0000000002590000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000229-addr_0x0000000002590000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_530", "md5_hash": "679a976ac127575f47949e4c4e1a8b10", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72d05e4a15d45e60b1975e9cab611f9391abec8e", "sha256_hash": "8ccd1d210d7198d3cc040d380dbdbe87cf86839f5669cd5b189ed5b30c182508", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000230-addr_0x0000000002690000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000230-addr_0x0000000002690000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_531", "md5_hash": "f68ea079e0a748d11bbc200dca55aebf", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7aa7f5badbe07acf010c811464d01b13f76153d", "sha256_hash": "220449895c826f5954c94503b620ed092af786d23d429b53b5d7b026488cad8b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000231-addr_0x00000000026d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000231-addr_0x00000000026d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_532", "md5_hash": "c7f32e57312df27f01e7848706621543", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "27eb33b5c86bb3d5e6920e21af6e65e8aff77e43", "sha256_hash": "2505a9275a0040c27f7d989da8ece9f08431d1c7703bb379fc4937cdf7c0b7d9", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000232-addr_0x00000000027d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000232-addr_0x00000000027d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_533", "md5_hash": "d8c881c98fe7c85a77fabd6e00c9ebfe", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "49ba9ca7d683cde94cefa475a1fd03f37a17925a", "sha256_hash": "b6b00d74e3f2911fb24ba28dbad55a973d95339c7a7517b6c5e889ad452c3cd0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000233-addr_0x0000000002810000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000233-addr_0x0000000002810000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_534", "md5_hash": "27111c1ba678a2a36e5780f0bde8e124", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9154497013d31b84c2b36da4a8b51014ae0478ec", "sha256_hash": "7234c86fd82cf312acb5ceec31cf149de53172e2874ed5cf321dc2130b412e1e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000234-addr_0x0000000002910000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000234-addr_0x0000000002910000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_535", "md5_hash": "864aa85d264449ec8f7b2fc8d6c3e5d6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "543668da7bd0185a21ebfebfc5367f619121752b", "sha256_hash": "e151d0bbb6c24738866ea16a43e9b596e5852434b92083a533f7c1a7d3b81991", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000235-addr_0x0000000002950000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000235-addr_0x0000000002950000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_536", "md5_hash": "933870a98dac029cd3104c3c8239483d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c11114430f8a934ecd30f50aeebbf9fc7cde0fb0", "sha256_hash": "42d97a8817b116952cebf6c6a23ef716df19e940e32ad7ea7dca7568a5d90e8e", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000236-addr_0x0000000002a50000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000236-addr_0x0000000002a50000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_537", "md5_hash": "b5e1bf4c1dfc74e629ed834d7548270b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1308abd65d7b16fd15ffa5a3db719bfefccad03b", "sha256_hash": "025846e81d97b2137360362ba935527994a05de45b0a9888072f245ce9e74400", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000237-addr_0x0000000002a90000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000237-addr_0x0000000002a90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_538", "md5_hash": "7a0e47fe2c5ffecfddc282eb37a1fe68", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a54c97a1eab450cf2ebeed9a4dff19d840ad6ecf", "sha256_hash": "381172b12208fadb67bcaedc976e7653f0d6d688b154f5eb438033e5cc044cb3", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000238-addr_0x0000000002b90000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000238-addr_0x0000000002b90000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_539", "md5_hash": "42a205f494e4b525494d6e51439f0f35", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b37cc8dd2bd01ccdad3e715775520e3613918f1d", "sha256_hash": "74c84dc49ffa0595c2072d160bf21def74ec1f0bee182275a85a7749c8e48c0e", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000239-addr_0x0000000002bd0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000239-addr_0x0000000002bd0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_540", "md5_hash": "37aa33e3a1797bdbb26b1ac46727d40c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "55da5fbd13e46c510b7c78cc4136446e2821ff4c", "sha256_hash": "b7f89e714bec8757cdcc86aea34d0f3492111575038314620c15844dec134ad1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000240-addr_0x0000000002cd0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000240-addr_0x0000000002cd0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_541", "md5_hash": "4aae9f00e68f16846ef2f17ca8c68412", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "099ff80642d29e8a665c4276f98c4f2d9fccb729", "sha256_hash": "8d84e83d8a1b9484d92451279ddbadd7a11f2bbd81090a78482e2b730b386ac6", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000241-addr_0x0000000002d10000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000241-addr_0x0000000002d10000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_542", "md5_hash": "6ca35f74ed54d5f8cbdef7367e3b3ed8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5837c806f4dae481a8aea1644c5f9f8f8e898e7b", "sha256_hash": "ee5b7e401f7e038dc2fb2433d48cb92f63103933d7fc19d7a28339003956864b", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000242-addr_0x0000000002e10000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000242-addr_0x0000000002e10000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_543", "md5_hash": "0d3698a0e446064788a2c32031043e8e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "49809e593cff64be5b17e10056f026bc55283e9d", "sha256_hash": "5f3a4e51cbf8c38a2191a45a4c9a7d50c675ae631306a5c9bdb1ccf9004e8565", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000243-addr_0x0000000002e50000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000243-addr_0x0000000002e50000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_544", "md5_hash": "75ad0a3e6020b1a0c5dc9bea6d6f80d1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0c4898913257d900ddbaa9dfd4ce1431c3b1a7c2", "sha256_hash": "2c79b52bc03f7a95acde8b1631d7ac124759871c905e969df64c8cf5ceaabacb", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000244-addr_0x0000000002f50000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000244-addr_0x0000000002f50000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_545", "md5_hash": "b18e8ca2be9a0c979baaf3974a93d87e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71a034dc5ba3279886497e6ea0e629a892a9ef1a", "sha256_hash": "76bbdd1fb22f431c4c3810ab8037b88ecb65a54749998854c43ed5590e39c37f", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000245-addr_0x0000000002f90000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000245-addr_0x0000000002f90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_546", "md5_hash": "85bf606b7b1d88c0f7aff8dafb5fd01b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "becc4f1bdc4476daaf4b9f26e55365524eb27e05", "sha256_hash": "8fc99ff5458370aede297121dfebbc0ad579bdea7ef2f48a5c8de3d55a26ea9f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000246-addr_0x0000000003090000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000246-addr_0x0000000003090000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_547", "md5_hash": "932e5e80e3c0296a24deef0166af5fbf", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f9514d9ff1e2e56eeeaf42bc28c39dcbb45a1f2c", "sha256_hash": "9fdecdf1707917f7537dd8815c57e3bb98493c3220b97d22a8b844019363373b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000247-addr_0x00000000030d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000247-addr_0x00000000030d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_548", "md5_hash": "80b1f3433e041992bb185933c50d1b4b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ce5ebf79045116b0ef17bf9659d80a6613e2e67f", "sha256_hash": "73c7d71dffc2db451ff25f7f73ee6ee9b82674a8dac97652e232d9d54ca8c576", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000248-addr_0x00000000031d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000248-addr_0x00000000031d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_549", "md5_hash": "2475701c18173a862d1e9ba868a86ed7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8fca4015f2473e4ad75a2178d557262c3efe2e28", "sha256_hash": "db891c20e4b8ca79a4f6dd2b0d38a40b0f54efc59e1605418e6c2e67371b0e78", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000249-addr_0x0000000003210000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000249-addr_0x0000000003210000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_550", "md5_hash": "8ef1bfdb87eb69cb2923de7f71d0ae1b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad7ddb13d0fa3cd1dbc2164ba2510a5585289f3", "sha256_hash": "3ea708980d65636992a1cb598c7d29232a371f829d30e24f458dd448b6c39f5f", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000250-addr_0x0000000003310000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000250-addr_0x0000000003310000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_551", "md5_hash": "51673e5f495ab72b6d2b5cab3b02eaa0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0a1698b0d44740f0812b657e3f4620694dc305f8", "sha256_hash": "7283d6318c4d94f275d20a0448ba4fc706ad60a5988c30eaa374f8373d4c4e72", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000251-addr_0x0000000003350000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000251-addr_0x0000000003350000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_552", "md5_hash": "a56a080b85569fe221e98a250fbfdb0b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7de1e65db8794230e502e1d36e8e8f1ecb5875d4", "sha256_hash": "36a156415b354687589295fce175d324a866923f9ac7a9dd4f014fc76e586ece", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000252-addr_0x0000000003450000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000252-addr_0x0000000003450000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_553", "md5_hash": "bb3e4351919cf55815285ad4d97c7264", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f69154db4ac8f2c51e870d57fa0ed19adf71df94", "sha256_hash": "68612c04789d06be8e4ebb36cf1bdf234085510a89bcb1a617f2336a310b18ff", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000253-addr_0x0000000003490000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000253-addr_0x0000000003490000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_554", "md5_hash": "e306e1f78444c2c9cd65da3a594c0492", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f2e5f7c1493384796e1cef6259ce7c0bad151cee", "sha256_hash": "2c619a2d23072b2d5b1b72596f87c1a7e60b7175f2d68707cd1df07a2de38da6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000254-addr_0x0000000003590000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000254-addr_0x0000000003590000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_555", "md5_hash": "a488c393745c8c28f849213b84042c10", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ac9ac6c46869aeb52152f3b69a6f6ea8126fd3c1", "sha256_hash": "d5b835bbc228f6241d7da8ae426f42426627341e8cb282c74bbeab97cae67eca", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000255-addr_0x00000000035d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000255-addr_0x00000000035d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_556", "md5_hash": "c4775ccb51364a610b58c63c72a91a49", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18b9cad958a468c9549446632f4f4dc0a3c45d2d", "sha256_hash": "f4b66127cf12ca2ff261c1530533b4754abc44c34bcfe8ba4b61dd65eb225dad", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000256-addr_0x00000000036d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000256-addr_0x00000000036d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_557", "md5_hash": "062c973d250fc7bb0f9abdfc3503bb98", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "343778daa06be1eefca8e36ba3f8f6c1a8762e91", "sha256_hash": "a1c89af8f7161136d5c11a7ff0c47413212c396b04f2d09d16e812716c3a1ef4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000257-addr_0x0000000003710000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000257-addr_0x0000000003710000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_558", "md5_hash": "0b1978b2f2810b908bb3a6a3a2219f3f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ff09dbd72eb7eb6cb80fb697452fa7b5d6b6ac63", "sha256_hash": "60e331bd72f6eba656a988c5de17fc12c14cb613b38f29bd0ad7a5a5e7106a25", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000258-addr_0x0000000003810000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000258-addr_0x0000000003810000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_559", "md5_hash": "c42ab000bb2009e0291fa39d2465ed65", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ca92c0459fcc602e8db1c788aa65ec92f5d838aa", "sha256_hash": "3431dfd55dacb31ed68d36b2e16165a924075b0abb2167940ca53c26cdf5ffbf", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000259-addr_0x0000000003850000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000259-addr_0x0000000003850000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_560", "md5_hash": "ee8c543b09e1c47ce1579c44e868a7ee", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6d642e10decff783f04e08416d14e1f5c51ba970", "sha256_hash": "1d49418e2f42f3503ba99c993fba1aa648fb66932d3741dc153a64d91c11a508", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000260-addr_0x0000000003950000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000260-addr_0x0000000003950000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_561", "md5_hash": "7b390b5e7f5b1edeff7299d2616dcddf", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92d91b1a63d185f6e709d1131ca404b37dcc71e6", "sha256_hash": "f5fae46633a27ecf12d5769c0f235d592e5ab039ff6571e05c20fca450cceae3", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000261-addr_0x0000000003990000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000261-addr_0x0000000003990000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_562", "md5_hash": "093f99ed4e28ee9dff63c307859269b9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7e1894a6caded2fc7cd4115352cd39eff217d5cc", "sha256_hash": "362bd840bdca660724d292f1f14de667f4d3b8f85ea45b787535fdf732713eb1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000262-addr_0x0000000003a90000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000262-addr_0x0000000003a90000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_563", "md5_hash": "854c1100bdd7bc02c5a55cf468e4b816", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13b179ca170427a6856515f01bed520bf82f9660", "sha256_hash": "b5a6a199b394dd48cc25ceb0abab6cf07b92e737cb92d0086d5d061f7c50a9e4", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000263-addr_0x0000000003ad0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000263-addr_0x0000000003ad0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_564", "md5_hash": "eb300652452e7f587db1492f6d08c07c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ebae3d4be7a1d345521949cf29bf67f93c57a714", "sha256_hash": "de02531dfae5259b50e5aae00e352a7c331f8ad8b3b3964d21ebae0c76412ad7", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000264-addr_0x0000000003bd0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000264-addr_0x0000000003bd0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_565", "md5_hash": "bb78fb8a494520265327173a14d2d1c1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd79f64b918bd6cb8c4c7386e12fa709a0929225", "sha256_hash": "127f2c1b07c890b21b79a841ce8c9b4712324d3e6af1657b12bee8cd7c4eac55", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000265-addr_0x0000000003c10000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000265-addr_0x0000000003c10000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_566", "md5_hash": "8b2224c325ed1fdc972282d8f29c3e82", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f87276abf3eb47ce2f76931971ef3806355cf0a", "sha256_hash": "af1eb9408ead3339ddcd51c6acddaa654e9d3a2fcca51da729eb9cc23c82f6e4", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000266-addr_0x0000000003d10000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000266-addr_0x0000000003d10000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_567", "md5_hash": "a895231b313cf350c83a690e7d4409b6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cd95cbc669aa7f16708e7c40d2895444dfd4ea3c", "sha256_hash": "845e3fd4911fbf0334c15d9bf2032aa3c5b523fdcee1039a717b5895e75854f0", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000267-addr_0x0000000003d50000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000267-addr_0x0000000003d50000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_568", "md5_hash": "a8c0fc364a59bbed89e06527e9461715", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2f372cc8a2c99f18cfa6dcea7384c76ec9803e97", "sha256_hash": "510b0b0d39c42e5d613030166433c4af32fa98e129d5f16db655eee9c7ea4a62", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000268-addr_0x0000000003e50000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000268-addr_0x0000000003e50000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_569", "md5_hash": "a3b857c0774927db4821b530804740ff", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e0493cfdd52540f7db1097e9d26f431cb63b96d1", "sha256_hash": "47c8d3487f87dabc53ce2a0e3b9c35508bda089ebcf4c928c5eefecb4becfcc5", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000269-addr_0x0000000003e90000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000269-addr_0x0000000003e90000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_570", "md5_hash": "676d38a916c8a4eb39c9d05af1b74c02", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3761b7dcf6e6f59a3fc20bc0fc71870cb1120f18", "sha256_hash": "ff5576771cfa96f669b6b69294f681bb244575ab24602097bc15a1440ff4d167", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000270-addr_0x0000000003f90000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000270-addr_0x0000000003f90000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_571", "md5_hash": "88b193ba7208c035f06ba484bc5f5f53", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "505feb001fb7e373be63145894464c02c0df73d5", "sha256_hash": "e4bd9c52213e8e2dd5ec1b7cd73311d7c530a93ff1da73a1ed13af320df8c547", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000271-addr_0x0000000003fd0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000271-addr_0x0000000003fd0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_572", "md5_hash": "3fd41f78deec816a29ceccdf6bdbfc60", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ac89fd5cceb7c3508765757e00aa01966d8ef6a7", "sha256_hash": "8896ad2982deef006a1fd15278519a8a1c88f092f4885dde14a44d118b2fc1ef", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000272-addr_0x00000000040d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000272-addr_0x00000000040d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_573", "md5_hash": "680f75c50f670e2aff12f55b55e3590c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e2804aa1503a45927884d0b818ce17916b5ec660", "sha256_hash": "c65a2dd1d49d52438f890e8adb57398493952122d4a63958b0aee80adf56ef7b", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000273-addr_0x0000000004110000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000273-addr_0x0000000004110000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_574", "md5_hash": "6b6f58a9ba0c4c8b51220a940bdd95cb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9844423dd5e44b2663ea406dbf5b1a5fe6adfb5b", "sha256_hash": "404d0db8a2e5faf224ad7d9325148ee4512b357eb1362b48ec8eb02c23d2e5d1", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000274-addr_0x0000000004210000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000274-addr_0x0000000004210000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_575", "md5_hash": "0952fd33ea918bc72a6e02963703f08e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "717ff67478dd43ffa9aa585cdf2489f4eebb820b", "sha256_hash": "b6b035398294f64c6b528a488d869ba57b3d25f1488c477d9d91bd9d53e8bc34", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000275-addr_0x0000000004250000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000275-addr_0x0000000004250000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_576", "md5_hash": "045a187c4095dcb75ccdf2efb51ea6f1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bbafc9fa745830b30ac9d57ef9c798bc7841298e", "sha256_hash": "1cead12e44ad28aa92148c06cd534c96cd8073da4d75429ab617f3a34982d005", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000276-addr_0x0000000004350000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000276-addr_0x0000000004350000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_577", "md5_hash": "c5c2f7631d275e5cb996e1ebbaea346f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6a5f9b813dcdb1324196924d29506a4c39cef94e", "sha256_hash": "8993cca1e88476cc931929ce3b8ca0a06c45a9a0e6d3ef2157de3ba0b9e6745c", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000277-addr_0x0000000004390000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000277-addr_0x0000000004390000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_578", "md5_hash": "b182212341197872f6f907a26bc4762b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "484dc1389588220e0c3c46ccb7963b4afe8c6e17", "sha256_hash": "be4684dba1e99cddd9e71d35e108089f3fc4f35128624fa781bc9faa16b3f9d6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000278-addr_0x0000000004490000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000278-addr_0x0000000004490000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_579", "md5_hash": "b41c359d27a080c2b8d1fd2aa13518c9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6587858d21b76a060ec9669883e7988410dca2c9", "sha256_hash": "1f61bce16ec8355a0eebc44fa267a77442d583a622eb711d45b89973f197c591", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000279-addr_0x00000000044d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000279-addr_0x00000000044d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_580", "md5_hash": "ad665249da32bc9d0fe9e8951335de05", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "488775af9ef122109b92b6428e2c53df467e2bbe", "sha256_hash": "d483d0c6e949e6161fc63dd26462611eb8eb9e5783b9f3d58e3b6eef064a6b56", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000280-addr_0x00000000045d0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000280-addr_0x00000000045d0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_581", "md5_hash": "d09e477d399dd620ba2289f571297b65", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0a1e7c01b10a6244049ca1f98df37a40ae5b3db8", "sha256_hash": "ba9f8aef82ade0bc0c3ec1ba4eb67c0013f828771bf689e0369a3559fafab1db", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000281-addr_0x0000000004610000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000281-addr_0x0000000004610000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_582", "md5_hash": "d66d8894fd75e91c4dbdf85066760f4f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "522b34efb293f92968ea0519a581b8bb0301849f", "sha256_hash": "e2a977bf37acfa132b451c98ec1d7718435b3e03c57aa3297b789beedd428a30", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000282-addr_0x0000000004710000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000282-addr_0x0000000004710000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_583", "md5_hash": "ec8ef72abcec706fc0b93788fc065e60", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d9af9ed3a691214377ffbe9b4bcf68468958d85e", "sha256_hash": "fedc90ca69b8e881544662308513c6aca31c5446c1c1a087cb891b2806cfd131", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000283-addr_0x0000000004750000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000283-addr_0x0000000004750000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_584", "md5_hash": "449606bd46ede1eae1b165c23ba033db", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "51d6138b29fb7819df29611c990a710a7ee9bfd7", "sha256_hash": "2f5e16d007a0c28f964aa838bb6ac4a4f1bb2eec3bc74a7c3eebc9e3fbc76327", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000284-addr_0x0000000004850000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000284-addr_0x0000000004850000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_585", "md5_hash": "deec6f5ac8f91be95f9c099c1376c636", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9227abc6bd8a334021e8dedcefebe45bf54bc3c4", "sha256_hash": "13adf9501cbb3ecfc53398e07584371761de755780ed619636ac9e704fda6470", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000285-addr_0x0000000004890000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000285-addr_0x0000000004890000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_586", "md5_hash": "de3c53164095bdec3744986d0cffb799", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d2fb4099375454c9843ca8a0c1de4113228ba648", "sha256_hash": "b351194dfee4be39b69e829655bb3dbaf704bd6fb1e68498242df06fc3783fc6", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000286-addr_0x0000000004990000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000001-region_00000286-addr_0x0000000004990000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_587", "md5_hash": "b88d82bf2c87cbe54e96dd5721899d74", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6acdfe0d593b8b26c9a8298a7eeb0bb9a710b1ea", "sha256_hash": "195d7eee50c8fca1ad8af409e68383b257d4de92f6e01a3242c6a68b62efd8b2", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000287-addr_0x00000000049d0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000001-region_00000287-addr_0x00000000049d0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_588", "md5_hash": "c7599f14c82d8f063485f9645582cc31", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7a43ddc3edcab3606b62ed06267d0640fac45d2a", "sha256_hash": "879a539b50d6f70c00101a395c7d27b3499280f5eb8fde4c3aa2e172a6c4a6b8", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000288-addr_0x000000007fe50000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000288-addr_0x000000007fe50000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_589", "md5_hash": "750f67aab63e67370f7555c23f4108b6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b995ab91cea0d80588e4208fc77c5ce3cdb6e95", "sha256_hash": "56472ce4ce978e10a69fe0eac6933957b74191d7ead3eb8d4051ba0f62e24e8a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000289-addr_0x000000007fe53000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000289-addr_0x000000007fe53000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_590", "md5_hash": "50bf7433a4444e3c3cc20bbd05d65b58", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0647691e9c925755d31c73009d07dc4293e86d1f", "sha256_hash": "6f31db0a58b778bdfdb8021f653890b527da23c40535cbbb100ed4ec80d615f9", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000290-addr_0x000000007fe56000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000290-addr_0x000000007fe56000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_591", "md5_hash": "8b2211920113f31384e35b5047af3280", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b17adc380caa756427db74416b85d0085a8b6b6", "sha256_hash": "d7d3dd02313ec1ecdc4911bfb86d5415835366b89a5f319855f2585da8cd71bc", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000291-addr_0x000000007fe59000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000291-addr_0x000000007fe59000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_592", "md5_hash": "88a58d4ad024cd6ed2b2c904b6a6a20c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f65431b1009431f327b04eac056e4a53281f960", "sha256_hash": "95dc69d726630606cc7a3178e99da8c9170bcc932ff32bdd2ce21bbb1551d335", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000292-addr_0x000000007fe5c000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000292-addr_0x000000007fe5c000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_593", "md5_hash": "6bc1436d98b7178dcb8c60643c288133", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0bb6524d32bb80a12fddd7e3d48e2512a4e4c4ea", "sha256_hash": "2bcf5f6f69b53b464e0fa2979fc649e442f315c54c0ca8a07f68a5a2d4dc6b86", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000293-addr_0x000000007fe5f000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000293-addr_0x000000007fe5f000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_594", "md5_hash": "1e89cd6f768929f0af7b16c5e07002de", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3fc60a83a4851b0453f98f35695e0dc1b327f998", "sha256_hash": "9e28890bad124ab2034cdcc0ae6837d33f147a61eb88d1498a38205715cc375a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000294-addr_0x000000007fe62000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000294-addr_0x000000007fe62000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_595", "md5_hash": "d83a61a152d7bf9af293933a08afe0d9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a1b09d567404df5c5c2149bec389861a330bf697", "sha256_hash": "37bf7790a48d165d0c90e11e40268d8df67977e541372cf8720d52aa4138a4bf", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000295-addr_0x000000007fe65000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000295-addr_0x000000007fe65000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_596", "md5_hash": "fccfc084c7eb8c23f75b15dc214c71be", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e74488fe1e44f888de8fc010cb7c4d025051c6a5", "sha256_hash": "dc8f56b716ae8680573444b973045af70d2c86fb2f5b29094f25ca5658f48e28", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000296-addr_0x000000007fe68000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000296-addr_0x000000007fe68000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_597", "md5_hash": "31b1865a73fc6d74b958617c248f023b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "512066c7e32ba634633aab818e9be7beba3097a2", "sha256_hash": "69e1185faa4a47aa02defc0234228d95dd8551fe323a2716a00baf9d73294f3c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000297-addr_0x000000007fe6b000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000297-addr_0x000000007fe6b000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_598", "md5_hash": "0740bfb9c6beb5c4d2845e0f2359bc1d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "05532cfb968a8bfa4840f684bda61b5e38fe1a04", "sha256_hash": "5eeb90cb79bb294d2a5fe27c74a10c51dffeb1bb2af50f79cdd94d880a0488dc", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000298-addr_0x000000007fe6e000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000298-addr_0x000000007fe6e000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_599", "md5_hash": "5d0ba285641303366ebe45b176af52cb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1fb84574a1660eb8eda03c12611b426af0184012", "sha256_hash": "cac2e7ec8c51c32945ee4c0fe0fadf4d55f9f7088e049ac35e01a2f6bd2b4f3d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000299-addr_0x000000007fe71000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000299-addr_0x000000007fe71000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_600", "md5_hash": "d8820bb0899558ed08a30b78e9712939", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "80607ff5261863fa1dc1de82325a68c5d532881c", "sha256_hash": "8dc7a7abefa746b4b61797bc15e4e5a72134bf451be21bd32d55cf73353ca845", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000300-addr_0x000000007fe74000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000300-addr_0x000000007fe74000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_601", "md5_hash": "6371debf56f8188d6bd0dfedb8ef8f16", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "572bd15ff6570ee04f4cd03cd263a878cbb2793d", "sha256_hash": "0bfd44b11e9c6c7d97db31cba56d6ef436ad4067b2ccd13938c9ee8065fb31cf", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000301-addr_0x000000007fe77000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000301-addr_0x000000007fe77000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_602", "md5_hash": "a1d15765ce0994f64f3a30a729de1744", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "230ed69bc401ec3f9f9749ed076a906add2d32cb", "sha256_hash": "c0fa3cf9b997a9588dfe73a5b9412c2f2ecd57e5a5bce8d6c6ad2533efab0a2e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000302-addr_0x000000007fe7a000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000302-addr_0x000000007fe7a000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_603", "md5_hash": "11a991fc57bc5b1dd7fc88e3994dd824", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e55f9e455f3b7e190ee1c51a1103e8bfbb24d1bd", "sha256_hash": "ce7097f8415fe18af5c64079d3d6dd8431cb23472526f0b1302fd8dd45dfc8af", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000303-addr_0x000000007fe7d000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000303-addr_0x000000007fe7d000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_604", "md5_hash": "08aaac140ba124c9bb8a0951d59dd086", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d1eede5cf1a9f2985b52e317a11254cb4e8d435", "sha256_hash": "ed81cbd3039e59fcfd0c99a738cff776cc23a2f8c181371f85992945f9ef109f", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000304-addr_0x000000007fe80000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000304-addr_0x000000007fe80000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_605", "md5_hash": "68ca9e47c41582021fa45355d580d15d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c9348312028bde700bf475106d623c4e339f903", "sha256_hash": "bce94001f4f89f9d1876dce696d7a4186b5150c48ba5505ba76da9bbe28f9c20", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000305-addr_0x000000007fe83000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000305-addr_0x000000007fe83000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_606", "md5_hash": "176b0aac4465a3800a24d2e5571f138c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d59272b7fc615d482a4e6500c671a1f354c70595", "sha256_hash": "e6a960d14ca0501523cb18914e22542e38c766e766d95c880d9a9a969d906a68", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000306-addr_0x000000007fe86000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000306-addr_0x000000007fe86000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_607", "md5_hash": "4c829b22c7a99bdf625389df5761604e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c9911de29187f30b1e53ec83411691140d8a4af3", "sha256_hash": "13e11987052cdd6df06b9d54f37264ece4f96bda7aa83e047c5dfcdf0a68d066", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000307-addr_0x000000007fe89000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000307-addr_0x000000007fe89000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_608", "md5_hash": "5b8528097543b6ac64707e329e2ef6e4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ad28eb38c1fc8090409c64abb9420379d91a899d", "sha256_hash": "7488fdf731f27e7e47f61dc876af704c5c139d71f0f499e2ff3c80452b90551a", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000308-addr_0x000000007fe8c000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000308-addr_0x000000007fe8c000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_609", "md5_hash": "42d8cc4456155de287e6eec596b368e6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a69c512b9767ddcb12377069a49778c310eaaf53", "sha256_hash": "ab4083ed91e8dbdf2c98fa9f51d142e7672546679febd6afb1ec0bd3d5a06f76", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000309-addr_0x000000007fe8f000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000309-addr_0x000000007fe8f000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_610", "md5_hash": "9733a8f1a847996d4c07ac2bcb624943", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5c0bf993eb077c599eb85ba7abcf332a57888310", "sha256_hash": "a985f1e7dd3202aa2123de135ac132f6ab699995a0614198089ea3648478ffd0", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000310-addr_0x000000007fe92000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000310-addr_0x000000007fe92000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_611", "md5_hash": "5b490a957a741bcea04589c363c9865b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e962ac839cf831ab72db7d1f0bd747f2e9dc64d", "sha256_hash": "a7b5baab897bb209c075babba5ddcd6f32be505f55c3cb28e46c1a5b572d98ad", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000311-addr_0x000000007fe95000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000311-addr_0x000000007fe95000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_612", "md5_hash": "bf23e3d9d541ba2c768d5e8e7c86ab21", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5890cefbbd738a5fbd0e1654fa7b06ca8f837e8d", "sha256_hash": "f74cfdb5eab9618228578e54649596bcda4b8da5f38c33575d93cd516e3032f7", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000312-addr_0x000000007fe98000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000312-addr_0x000000007fe98000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_613", "md5_hash": "5c48c174b1635a4806874f94ed3437ad", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9c1165d5539fb0800a409c703aaeb611923e9677", "sha256_hash": "b5aa5031ae7d07656eaacd8ec186282181e70fb494239a9ab6ca9030499094b9", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000313-addr_0x000000007fe9b000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000313-addr_0x000000007fe9b000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_614", "md5_hash": "4ebd2ddfd18c7cb26704e4da4c9b9603", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "89ea466545993bbae6a8f250527acac5e933a32f", "sha256_hash": "fa91266db2ae528ac4fb1d80785d8c358a1287587d153e62bc42004821df5d14", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000314-addr_0x000000007fe9e000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000314-addr_0x000000007fe9e000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_615", "md5_hash": "3af4c3bcaec7f5281fd6b3df0ee168f3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2e90e051efaba66f2a45bdce67bfbc00b1837540", "sha256_hash": "99039e054c23f3affc7f5adb4c2e2082ae02a84b028fce873f1f66f8b4f94d9f", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000315-addr_0x000000007fea1000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000315-addr_0x000000007fea1000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_616", "md5_hash": "4c3f426e0be44aef561ea48f0e036266", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a3d0d289c93c4bc4a3131c66d8ad911964dffcf2", "sha256_hash": "171abc59b3790d501a3794c1ac55b35b907274008bf66c7a82be9e95b87d8a0d", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000316-addr_0x000000007fea4000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000316-addr_0x000000007fea4000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_617", "md5_hash": "53e35b3bebadabfae4e53e67cfada414", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69948b5c4ed3568fdac7f68a2c07e2ac9758f022", "sha256_hash": "39ab6b11cdd2eb79406b19cbfba124b3f2cc76188de91b048099aa924d863fc1", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000317-addr_0x000000007fea7000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000317-addr_0x000000007fea7000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_618", "md5_hash": "aa09e11dc48f4d0ba47a0f35d08c16e6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3425b9291506c7b5c6190c1e4fbf7a2b9623d678", "sha256_hash": "3adb5bdd6e1ad3e2e5ff2149f75da6c15f425a2be2fc87684799cdd0547babc8", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000318-addr_0x000000007feaa000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000318-addr_0x000000007feaa000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_619", "md5_hash": "039994bd341f41d7f3e61afe62cd6c29", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f46bc712345250cf5ba4a126882b33b279bd624f", "sha256_hash": "1443a4fcea28fb682b080a892d7741feb61603e3e1aba5ad6f7e3496e1250999", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000322-addr_0x0000000000510000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000322-addr_0x0000000000510000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_620", "md5_hash": "4b5eaaa01ff5b867ce30f1a791b7ab7a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "835e85e424d48ebff614a11a82297033da8e04bb", "sha256_hash": "11b7547e6e4616c8aa6706ff740b8b6958132a5be163e4401c94bba38de54db7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000324-addr_0x0000000000510000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000324-addr_0x0000000000510000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_621", "md5_hash": "77c905d1dd63803f257c247af231dce3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e27e7584e23fd3351ded38eeaf8cfe9e3c0458d0", "sha256_hash": "9a45322be58fc4193fcd59d27ff5e01905871cc30cb79cbbcc498d91838b6f85", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000325-addr_0x0000000000430000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000325-addr_0x0000000000430000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_622", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000327-addr_0x0000000000430000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000327-addr_0x0000000000430000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_623", "md5_hash": "f4b191c1f6d1490645bf0d331a318d1f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "29a06dc4b6d2eb83173ef220f68ff3eef620214c", "sha256_hash": "1b1c9e1db664f408d0e2d454ac0ee6132755bd3df129238c32f530ee6b36eddb", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000329-addr_0x0000000000430000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000329-addr_0x0000000000430000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_624", "md5_hash": "e0ac0fdad7fd458c7739c7f5c5fc1d03", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d5f420b9f411d558e24e8cee92ff8c6098f2b7f0", "sha256_hash": "9bee49daa333a34c3b32e3d654e38604f060fe81d4cb409c2d7686874eba4e1f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000388-addr_0x0000000000430000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000388-addr_0x0000000000430000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_625", "md5_hash": "5076f644c17167c079d34b12500e95b8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf05faecc2ed81a1988c7e0c46eb7f55f1b37842", "sha256_hash": "c7412755ffca726821076f275626e8b7cd69e6489fbeff993a7b94377c51a433", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000389-addr_0x0000000000440000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000389-addr_0x0000000000440000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_626", "md5_hash": "b85616dd94064acf81fd04a2d228ef4b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c89d84447d1a186119560f48ca68e8878356344c", "sha256_hash": "ad3d14a456f10ef94a49cb8feeeb0ae4c0addcbd19c00f2617aba4ee6b642ea4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000396-addr_0x0000000000510000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000396-addr_0x0000000000510000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_627", "md5_hash": "e0ac0fdad7fd458c7739c7f5c5fc1d03", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d5f420b9f411d558e24e8cee92ff8c6098f2b7f0", "sha256_hash": "9bee49daa333a34c3b32e3d654e38604f060fe81d4cb409c2d7686874eba4e1f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000397-addr_0x0000000000950000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000001-region_00000397-addr_0x0000000000950000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_628", "md5_hash": "4c40d726de5c4a1e5c19b8f61dcdf905", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d557b45d2b0f14ed87830892d04135165fa241a7", "sha256_hash": "57b514a1bef325376ddedd70b64a239135890e33193b4a482711a7256e7d3278", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000398-addr_0x0000000000950000-size_0x0000000000016000-perm_rw.bin", "filename": "process_00000001-region_00000398-addr_0x0000000000950000-size_0x0000000000016000-perm_rw.bin", "id": "proc_dump_629", "md5_hash": "8461447bcfcf11d1350c14ee4c1614f9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "146b7b9dfcfac00fcb6bab86c33f9a2b5e07cd02", "sha256_hash": "9cb43c63c8eee803b1d013db2a75ac1bd34807704e6f07cf2bbb4162c728d85d", "size": 90112, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000470-addr_0x00000000009a0000-size_0x0000000000003000-perm_rwx.bin", "filename": "process_00000001-region_00000470-addr_0x00000000009a0000-size_0x0000000000003000-perm_rwx.bin", "id": "proc_dump_630", "md5_hash": "dc798f2098f2666422dae9db5ae40557", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e56831b75f4799d9df1823cfa25b0281f8e45f49", "sha256_hash": "00da211e868db2f82805762cff4906020ca8f5e1316d1387183be368630cb48e", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000474-addr_0x0000000001ec0000-size_0x0000000000003000-perm_rwx.bin", "filename": "process_00000001-region_00000474-addr_0x0000000001ec0000-size_0x0000000000003000-perm_rwx.bin", "id": "proc_dump_631", "md5_hash": "491636ac526187b0e2c4a96a97c4b8f1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "799b44f28027c22083a8c59d77f892d408ff9c5d", "sha256_hash": "a51bb7214fecb9d66a09bab4dc542f70dd8dc43de23a27c82b39a78e5deffa7c", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000484-addr_0x000000007feaa000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000001-region_00000484-addr_0x000000007feaa000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_632", "md5_hash": "5e223564cb2a1aea171701c26793f7e3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6330db1e46a04a17c539897af18edff511019df", "sha256_hash": "d8cbd83225628ed672e037a81705ca45ae2c366f50e0afd547ed4728175158a0", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000492-addr_0x00000000026d0000-size_0x0000000000018000-perm_rwx.bin", "filename": "process_00000001-region_00000492-addr_0x00000000026d0000-size_0x0000000000018000-perm_rwx.bin", "id": "proc_dump_633", "md5_hash": "cdef5e9825cba15b4f83ecb8f6964dbd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eaba85b9ae16cc9ec5479d1aa738b3e7d50119b1", "sha256_hash": "198d751da056e6866d1dfdff8f399d96fcfb5d2c7f62fec1deff9949df32edf3", "size": 98304, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000493-addr_0x00000000009a0000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000493-addr_0x00000000009a0000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_634", "md5_hash": "56695c81d172fa8c045d7e0d8a4b940e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b9a64d82f4a3eb68fa506daa7c4aa67a13f01a55", "sha256_hash": "73e3cba6210fc06d97330f26ddba854f0fe0f93a301eb724face495fa94f61d1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000494-addr_0x0000000001ec0000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000494-addr_0x0000000001ec0000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_635", "md5_hash": "b85616dd94064acf81fd04a2d228ef4b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c89d84447d1a186119560f48ca68e8878356344c", "sha256_hash": "ad3d14a456f10ef94a49cb8feeeb0ae4c0addcbd19c00f2617aba4ee6b642ea4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000495-addr_0x0000000001ec0000-size_0x0000000000009000-perm_rwx.bin", "filename": "process_00000001-region_00000495-addr_0x0000000001ec0000-size_0x0000000000009000-perm_rwx.bin", "id": "proc_dump_636", "md5_hash": "76a1eefd634f4f440903b609aeebf238", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81c51a6bb3f33551c2cf0c8deb314dabcce1a409", "sha256_hash": "a78dc46e7da3dcb4c7ec1c899ae392b5552ea21e06630ab27e633705cae1b917", "size": 36864, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000496-addr_0x00000000026f0000-size_0x0000000000002000-perm_rwx.bin", "filename": "process_00000001-region_00000496-addr_0x00000000026f0000-size_0x0000000000002000-perm_rwx.bin", "id": "proc_dump_637", "md5_hash": "5196f0acada5408fd1c410c1f3c9a806", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "59d394bef06112636ae51cfb509823998278d724", "sha256_hash": "dcdb960cc611add6b2ad030b5a7a864955a99c0b2ca98b3007b4f3b49711f88c", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000497-addr_0x0000000002700000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000497-addr_0x0000000002700000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_638", "md5_hash": "b578b41fcf16321978ccd5070b0fe5f3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "33f34b03ac5445db0a18b64202ac853d52882aea", "sha256_hash": "26e4be58626bc3095a60f9a8154a8cd5829406f7f9e4b287a27b0c5acdd16113", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000498-addr_0x0000000002710000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000498-addr_0x0000000002710000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_639", "md5_hash": "77657a994d77e0165f8a4606cb9d6b27", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "da67cb99142e8452250377c04aeb5520e6ab4932", "sha256_hash": "2fb5cba6ee53e5ce011dd7ff89d75e8448ed4f0b3b61e72fd53a4c3cce7c874d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000635-addr_0x0000000002710000-size_0x0000000000004000-perm_rwx.bin", "filename": "process_00000001-region_00000635-addr_0x0000000002710000-size_0x0000000000004000-perm_rwx.bin", "id": "proc_dump_684", "md5_hash": "73b4db3e59ed29a5cfd2d61b4dcd4bdb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c7bc689541181f266269b661f4c380b1081240e9", "sha256_hash": "056e3335b2e9dd36a16d0f975d80ea0b9fdf934bc892a2cf4849c7802ade094c", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000636-addr_0x0000000002720000-size_0x0000000000003000-perm_rwx.bin", "filename": "process_00000001-region_00000636-addr_0x0000000002720000-size_0x0000000000003000-perm_rwx.bin", "id": "proc_dump_685", "md5_hash": "d8f355950a092822e8870b3d99c59c11", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "96bb3d287898726d72975071b68114ba08ef8e97", "sha256_hash": "7add70b3a24e973dbc8bd3d108504aacbd88f9700f267af54a3b2659d8e799c7", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000637-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000637-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_686", "md5_hash": "3c1b538f72127badc65a922b5dae5e83", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aca31dcfb84d0dc0f8ab99354872d9db43e7e5af", "sha256_hash": "7314fbea529647c7118449710563206839872c68e757d44aaa53b753e0375151", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000639-addr_0x0000000002730000-size_0x0000000000003000-perm_rwx.bin", "filename": "process_00000001-region_00000639-addr_0x0000000002730000-size_0x0000000000003000-perm_rwx.bin", "id": "proc_dump_687", "md5_hash": "787c31b1a023162eca0d451f0eb1a2b0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e2c2add6b1e8345394e3f99f6b0ca42e0b4acc3", "sha256_hash": "29693edc30de70a46a80325e2cc142297f01a61c8b0284c1aa042fdfbd298e33", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000640-addr_0x0000000002730000-size_0x0000000000002000-perm_rwx.bin", "filename": "process_00000001-region_00000640-addr_0x0000000002730000-size_0x0000000000002000-perm_rwx.bin", "id": "proc_dump_688", "md5_hash": "4a26232f327b291a41c6e8e293065553", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9e8a323cc38ae27a2352945f5ddd48c037bbe4c6", "sha256_hash": "629a1a194f39d9a58b1f6a1f09bfcb7cb601754485cf22e306494d60f52d9a24", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000641-addr_0x0000000002740000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000641-addr_0x0000000002740000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_689", "md5_hash": "c2df47b21a46246551a7a5f29bb6413e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d56f65767c73312897298bbac3f1c8cd2a3768ce", "sha256_hash": "69a84f0d64ea4998588b257cee4c1e4f9501726441fe8e3b282fd5c0cb74e73e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000651-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000651-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_690", "md5_hash": "9fb42416aff284806691e8d2f0560a03", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3501a9667c4bde1fd5ddb9a3bd0ee1f088d2575c", "sha256_hash": "ca922545622adf9550aee339ce278d77acda5ac5c7043e7869cee93bcd7799ab", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000652-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000652-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_691", "md5_hash": "b27b9c2470a9ed71df56b7b6b34c238f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4c2a1aab718641cdcb95d3d5ebfd4c90d276431e", "sha256_hash": "87dca712e608afb5c6cd3725279e048535740a38963ea237ec811a1056c1027f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000654-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000654-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_693", "md5_hash": "d2bc93b1c2ab7d89e4032e364e031a14", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38f3aafa30f8e1666d3ea0ebbc971ba4162d9fb3", "sha256_hash": "8e24fbb7a6c4514c80d8e36508217013212227b7730998547020461359bd0227", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000655-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000655-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_694", "md5_hash": "10c7e47ab90991843e544d67bf370f5a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b7f5c51195b42f0db4e654f2c20fb9cad7967263", "sha256_hash": "615529e61ec326f2bbaa54383e0136d8a52de9af7169f1f19b9de978cd57a7d5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000657-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000657-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_696", "md5_hash": "a79213a010b7aa34183cccf01f4a212d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9adf418b2e828e79a50578d807b1cb7d5f70c995", "sha256_hash": "702f44439240780dd6d12b84c311b7bb0315d004089ce964590e6159e9d63b97", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000658-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000658-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_697", "md5_hash": "2d136453eae8a7aba2f342cfe6f997aa", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a3da0dda7cfd97b6d7a8984b3c457e1d13d4f8c7", "sha256_hash": "37dee3b57950451488fc1edb9aa3d598ea71c54c8ea6689e9d098a8cb5522684", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000659-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000659-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_698", "md5_hash": "980be5313ade7e3eb42c5a5e9d9dd949", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "327c23ee0340c969c4ca831ee6916c05a67dbd03", "sha256_hash": "65718e350137334533292795de8d15ee660b54c2adc985813d50b85f156834d4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000661-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000661-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_700", "md5_hash": "33ae6a6a91b5dcaa0db7ab80a902ba01", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6ee7a16bdbd80550e0aef15a443b3d234973052e", "sha256_hash": "3a446a4e503c1486073729f57c7969161df8acbc485081e7c2741e5c06f2dff3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000662-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000662-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_701", "md5_hash": "0cea0d1fa161ba3869ca8add02437520", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "78fb14cff18a9cd89c5d314006400cd0ba57b0d9", "sha256_hash": "ff7bbc25c8ff6feedebe8a2224460fb80da794e4dcc0f5effe88cb636261423c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000663-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000663-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_702", "md5_hash": "737927691a8a7077c4700d8464afe912", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6d5ec4956956ba119ff559132f5b25bf7f2814b", "sha256_hash": "558e248807cff0a7f87d9c9e020da016c1c8a71e322af35d441fdc275a8ddd09", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000665-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000665-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_704", "md5_hash": "ca21a7bec75d7a3d379c1ba2cfe73e66", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2538a8fcd99b703b645137a0286166c2903e0d1c", "sha256_hash": "2377c838d8b733332e71a2256410764b5033f9ac567ff3591aaa4edd3345b885", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000666-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000666-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_705", "md5_hash": "91194ebee030ed91cc60ba2f316955bc", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1c5064e92dd2e177445d2f0244c1d5e56cc124b1", "sha256_hash": "6efd459731bab0309a1218d4ff138d9fa6afe60b4377fce909da9604f7a92d82", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000667-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000667-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_706", "md5_hash": "43076fa04ce6b43023a7558b33c68b65", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c74d8ec3231e39de570adae15d591941f75f17a7", "sha256_hash": "522dbacd13952056f14d78061b813b89c27f372c088ec51c3339b36c6c320715", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000668-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000668-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_707", "md5_hash": "266141dfe09fb4b8f16e2ce12988d6b6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cac43570039d7a5a05b182cf07908ddcaab531d4", "sha256_hash": "0ce5e08a596e2dec329f536f2c6d3e5b613c0d71b111180d76a897f78a5230b8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000669-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000669-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_708", "md5_hash": "39d3da5ac6a3ea92a61b84522b5b4cf7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c42e2b6425c2015cf459d09cf96ff31137c4bba5", "sha256_hash": "901ac52793a56d41e957343d06c66e298d88a812cd8394b67e2233d75e54c022", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000671-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000671-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_710", "md5_hash": "8a6f8cf0f2281c766840a50401b4c028", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "086483b4e7a7b38cbbcf5b49c84577fe9f3984c9", "sha256_hash": "a2bf45eed2f46d132f4b6706f8764947a8db39c81888d88f00e185755fef3552", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000672-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000672-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_711", "md5_hash": "d7db48bb86b7b7031ac05675ce9f3ffe", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e41e396140fabf248645586556edbe57c935d125", "sha256_hash": "71febc6f534a6e6e24f4ec2bb2727a3b1784632bb7307699527deb8ec1265efe", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000673-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000673-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_712", "md5_hash": "cffa2b656a3df65e207de8d948b1da55", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4ddd6ca6d00b9e6cd69cdcf292393806e3b9c902", "sha256_hash": "29c3f848cc143446e0ea997545e613a5798e29edaf70fbd735fcf63531d46ce5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000674-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000674-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_713", "md5_hash": "69ecd4c71f21506036fb2a43d84d92be", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c4587a59f2a773f4c4618eda2e6372b9eec426fa", "sha256_hash": "7036c7fae92a7329d4b2e3972e6df4d067fd961e06842068c509e6655a60e2fa", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000675-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000675-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_714", "md5_hash": "4ea71d3a1850a2e61bbb16c2da7f2e13", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "043af778cb5b7e46d9787928e26b370b7db96420", "sha256_hash": "b2455aed2ebbc5f537bd2c497e489be60ffbe1f1006607a6e28d6708609fd769", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000677-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000677-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_716", "md5_hash": "74d3327af73de34f371375daf4a45f08", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "469b8b8cee748c73f42a6928384c386a900e6e1e", "sha256_hash": "4926b66d4da6fd0c1d63ec0069fbea032ccb3c0e1b3d2d306dfa711837d7fdff", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000678-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000678-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_717", "md5_hash": "5468623d8949204343bc1962bd541471", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d22e06e2f216cd130a85afdb94f50214e77b7f9", "sha256_hash": "5e83066a6bc4711a97d4d24cb24494b99c43a9c3e9e9820349c3392200479bef", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000679-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000679-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_718", "md5_hash": "fe49ad850c2e895138b6e3188e14b685", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2b13dab702e278d714cb1456b5d42f2384df63c2", "sha256_hash": "d60a4a617d4d9d53a304fba9169e1b0a5394c3971003e78b4ec6bfcc382a80b5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000680-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000680-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_719", "md5_hash": "c6f9b256bfb06720f0e982a20777475e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "56c0a1684791d9aaf7003d1553b98042b6ce35a5", "sha256_hash": "e15e06cd64f6a3629c8785334e6b05bc3a9f341f517cff7674c288e48bcd4d94", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000682-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000682-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_721", "md5_hash": "0a1b67dd97818dabe7f81ff1ab35a9e3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4dcb7407cf34041ada3b93d6d387d17cbb301901", "sha256_hash": "2ec5ac1003d7913d2626efc1dffce96697a5bceb42d00da8e7b3c343f042d973", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000683-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000683-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_722", "md5_hash": "c04f57ee3859a0adb900398dc3c5531c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2e313707756b56ca0a296d465fcc769720f2f62f", "sha256_hash": "ba6ec542d912abd2a3de1f29103d08d6a0cf3b42aeff6ca59335a459eec6273e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000684-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000684-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_723", "md5_hash": "e4ac730b95f248a1d02fd99e6180deb6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b000f0a8dab263adcf242fe52232a66187c82e7", "sha256_hash": "c45dbe7727b60adb22e36915cdf83d264d003de1780bd0adaea9ceb9a3ef94bc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000685-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000685-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_724", "md5_hash": "391d2569db2b86b04a9e3007af1245c4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4716f595678923aa420956b9f285b9acf4acd848", "sha256_hash": "67b51e53a8de2cfae8f175e28cecbec2ab70be82006858951b06e40de4d5b869", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000687-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000687-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_726", "md5_hash": "280dc15a492692d557354361ed095e25", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8008c2d2a0ba27874d0849f4858dab0a89dfd167", "sha256_hash": "8431319497a4d63eaefed19139251810b64b752c70fc5ce4ee83bca7403ed4d2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000688-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000688-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_727", "md5_hash": "81ce0c184eb98686034fb101570bbc33", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f7a01fc0f14dae0cc96e34fb50deb16024f94fbb", "sha256_hash": "be916d60cf138c5890d6c8024acde3b80a2f156df4ab18845b6571312d03749f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000689-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000689-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_728", "md5_hash": "179cffeb876b2b289a984969dc8f6cf1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "46504b007883467a6fb82e65a6cd2b1e18d4b4b4", "sha256_hash": "552aedec21d2aede0b9e615c371d3a6d8f8deeb4de94add9b57dcb7dc9be1c51", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000690-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000690-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_729", "md5_hash": "79e29ab68b6106fd200eda7bd4f0e64c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "305bfcb2e8f18cae57155b1a12f57d4c986e7164", "sha256_hash": "365274d3a14b93a89f7f08408c770b9e43c55acaf1c5bb45ffd773e5172ffb5b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000692-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000692-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_731", "md5_hash": "ee1ef2943095b73cc0834be8d24f3e99", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3322eebb171677d20b27e17be0a8d47aeab86d1b", "sha256_hash": "7f26eaeb9e1fd30ef943410059fd85470d8c248bb33eab79a0aa34ff481f6e60", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000693-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000693-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_732", "md5_hash": "f0330a846d0f3c3f80e4fcf0f3a4675c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3707bf5dd7bc8e1df589cb591f510bd385534819", "sha256_hash": "4aa96565aab639e577ace07f66643169fb8f4b9446aa8cdce12a79f189ecbb75", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000694-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000694-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_733", "md5_hash": "3a367423285ddac861a9633273637e84", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fad089241195933015cbe8c361ea4f1bf3d94f5d", "sha256_hash": "10b24302d58fd2912d6f10f299597928d761591285f1a02e6a7529c68eeedd49", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000695-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000695-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_734", "md5_hash": "9091e75287a2d8204eb8310a46d753d0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43ef43dea7335fbf663936287dc10eff7a4750c0", "sha256_hash": "66af517b2f5e8f8594d8b5ac70004a723327b468f3a8d3f14db4ebe238627dd6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000697-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000697-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_736", "md5_hash": "d4b461dfbf08c530825d0bbce5f2245e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c8fd85b792eedd484660863920ab0aedc6923e1c", "sha256_hash": "ea6af9c5dfcc5972394a501548d96c2fe82a7f480793e83e8d4cf6f448f3e96f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000698-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000698-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_737", "md5_hash": "bf22579d1c56714b55bc8e2d3ab73e94", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "78b3c5cc32e7d4d068a994a9ed121616a5ecbbdb", "sha256_hash": "44cfaef1b4368e79297956b875a530b71a38eeb9a8c113a0448a46ec4de70695", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000699-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000699-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_738", "md5_hash": "2401a121e59797a89c619ad187472c8a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d5f0e28a31aba2682e7f07168d8d4265afdf8235", "sha256_hash": "112d3ab00068a5d48b78857162190e75e7360443bd5725e86a8eec4f2e3f5d7a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000701-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000701-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_740", "md5_hash": "8a8d5d2f5541eea68ca4a7850ca0b4b6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "030565d7b3b1ddaab5b1f33fe00b9ea6681c71f8", "sha256_hash": "c43cd34f1814607feb27af8b5874d76c8f17eceedcd4319983e8559015cf3a49", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000702-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000702-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_741", "md5_hash": "8423db0496b6e5ba68cb0c009da40d21", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "639a3f6de04b499910aacdcb2efd83d3d286b7cb", "sha256_hash": "c97f2d8b198a5160606afb0e91e95c5f2909a3fc15177cf33544155da0840969", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000703-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000703-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_742", "md5_hash": "42539c0f531648e79b9125dd590d9d17", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "051b598eb267754863fd6c9b59133fe6bddbf4bb", "sha256_hash": "e8ac0de20dcc25285f8d7e7d199fb62bdf6dd50859bfd245bd3f160b426cdc37", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000704-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000704-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_743", "md5_hash": "e645c2612479953075bab7ce758a0bec", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07f02b1f9ddb378cf9f097e594b3b25330830f74", "sha256_hash": "9a54547b966f7e7993f4b88604f500c34d6c3a12ae2b3a19f461f5885be05764", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000706-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000706-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_745", "md5_hash": "636ee4249d4db495277b65185e131821", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fd4b416ca136b84c22a14bc9d7ef9169121bc8ca", "sha256_hash": "850932dfb65021b7f5263ac53e45842f69df08a057976637dbdb0189c20af41f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000707-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000707-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_746", "md5_hash": "919a9c8996d5ffaede65710b363d5012", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf963db71cafd26693125c39599c0b146b2caecd", "sha256_hash": "66e8a9bf6034e02f10575c1629daf33e5bfbe5a7d3d8a7e3344376ea78e8677a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000708-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000708-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_747", "md5_hash": "61cee15df9b45276bbe97427068ff3e4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "36ec68f988056979f32580c722f44d6d3ead5cac", "sha256_hash": "6745b327c8ad726246665529a29313c9bb8f47d2236a0195173a99b04de8d2ad", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000709-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000709-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_748", "md5_hash": "991c2b01cc8ea41109c2446d467633a7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7dcc2f49498fd32c139c3a432bab5f3a92405c76", "sha256_hash": "caf385d599ff9de624f20fa033dc424e115d5b8d53da7f9cc85efac09e678141", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000711-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000711-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_750", "md5_hash": "a104fdc409edc189ee61ff74460ce29a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "76de07f86ab05202a7f70c4220cdab6910d98f8e", "sha256_hash": "b3a34e5fed6b9561e51a7eb26914ecb3ec0f66e07ecab836664b721d2dfa7379", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000712-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000712-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_751", "md5_hash": "b4791de50d827080c1fc68d8e24e3794", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07f9c48edb37dedf8714e65fc8412086de41393a", "sha256_hash": "9284afa6706f92eb6499db5192be347aafb1e55af5a808e7250948d66178c5ce", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000713-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000713-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_752", "md5_hash": "60257a7ba8e143dcdfda8d1a0c90d9a3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b94306b486390c7c8f1dbf8fcec6d32b351acbbc", "sha256_hash": "aee6ad1c65fc8cba9ab7302a372d419fe786597b39469ec615feafb26de719cb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000715-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000715-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_754", "md5_hash": "c242895a8ece6fb3a41399e911f5b73f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4f216d73f657d1a0deeeff1e3fa9765be087c025", "sha256_hash": "83e40a620e16bce5cf50a0d83cecfe82da268f18d9bfdf01af7ddad7609f666d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000716-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000716-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_755", "md5_hash": "a872f3f974b0fe99b8cf43cb7f5b1660", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0ffe554b60efeba3431051594ae9b1cb75082c44", "sha256_hash": "e7a2eb18a911b70799f411e23a6d3d85bba11e5702d660fc8e3e1474fdce19f1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000717-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000717-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_756", "md5_hash": "a31d63774fb44921d40abc46f64c61d8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "db1efec4be41cc241d4905c2df666a8aa0d2c572", "sha256_hash": "1cfaf5a95565b890f81fdeb5ed4ff29c1a0f71a689cca6117145b41eba8c8d9c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000719-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000719-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_758", "md5_hash": "bb75ac28a93b9fdef0f1c27fa1eeee5c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4cebcfe44e35d5a819b6819db14bef92002e24c5", "sha256_hash": "8a20d9799090bda44c5c9445ce452fa7d499b7f0022cd22568d6e5605171c175", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000720-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000720-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_759", "md5_hash": "47e32d98c85b5060468d4541622b6e55", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14e5cf76bc87d1eb8adb1afb8499401a7ecb7c30", "sha256_hash": "65d2e795c47f2f34a58a19096bab1ed1641608d65009408c6101d563662bd204", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000721-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000721-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_760", "md5_hash": "9a834f27e5f1013fdc1a34c5111d37e7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f1df1b495c61e69fa5d20b3dfad2d0d5eb0ca04f", "sha256_hash": "8629213b9f7673e248924bdec76f38e2c04b5c5d57a8beed8db2bbb0131f1088", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000722-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000722-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_761", "md5_hash": "b8a7ff4c8fe94d2892148a86fe20dba0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "73d6440562b7108a1f08e6b29835e8ec3fa27ccd", "sha256_hash": "c07bdc034e371433a9677b28037cbc798c7a6b62f731c239c4076ea3137cb65d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000724-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000724-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_763", "md5_hash": "a5c03190bef22b3e65d28db9a52a8c54", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6503c478520e6bb883c06e44cb9b72f2003c599d", "sha256_hash": "f2c87b25267c8d1ccbd07ac212ad16c9e6a0ae80b0f3decb51bcaa442701cf8d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000725-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000725-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_764", "md5_hash": "4c8512ff2c72ad83e84f5980240b1d1a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2aee95738f4e0c42e4aaeebac9ff76a738cfac6", "sha256_hash": "ceac58ae82d4e6a7ef2d82ca9ac1362d742ce0d331d9dd2a425f9a1974187cc5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000726-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000726-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_765", "md5_hash": "d5aa5c8066ee9a9a03f714090cd1cf7b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2a61dad1dbd18f86c155c296354b958665d3e67e", "sha256_hash": "22ae4c11ed52396b49512f4376debdef873a026fda84b4cec2d8c99b0bb3d2f0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000727-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000727-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_766", "md5_hash": "be9a1883429ae42ec9799a5d22d90928", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5f7c3ee2473a2cc52938e4402fa9fdf92cc7280c", "sha256_hash": "2984d738ca73271a37d119794e5f0a20b442cfccf5aba5e3e66d5d0f5bb158d1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000728-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000728-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_767", "md5_hash": "2a03851c6746e3174613b41c36f6971d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3e3c8cc85eaab5a7d655b73d95c07cc0e02e267f", "sha256_hash": "c93ca2689861ee852eaca9746f9001adc283ec68a94b25385cd5e2185928f295", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000729-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000729-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_768", "md5_hash": "eaea9126dec09beb46a3f56709f549f0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94a7bf82a202056d4d470d07fa7238dfc04d1baf", "sha256_hash": "136bdb4e1c07fe2ebb27ce4fac33743ac102c6153e506b469415868fb3a5d8e3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000730-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000730-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_769", "md5_hash": "4b2f3e236c1232a59933cb640dd1a7d1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9dbaefae139ff01355b24233cc276d34a5ed0ef3", "sha256_hash": "e1342d7853efddbbcb4df1cd20f83c0df6fd4f841908e40a7f423ad2454e0946", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000731-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000731-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_770", "md5_hash": "a7a429b2e6af0afa39e546471b02a681", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "029fdfdeb08ac2b3dc6bc5eb58d1a8440ecc0750", "sha256_hash": "4eb2b28c286436f28ed2b948e6bb73aa5c4204a4f4fd0c21014f97d5bdf4e9cc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000732-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000732-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_771", "md5_hash": "db9a4b51da3c9e43493342744748b088", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "97805313f1582243cdd963f5b6df0b46ddfa5a1d", "sha256_hash": "bdcf823b0f5c03f294bc959ac224c2e3731353aaf5a4e2b658be6bc19b102e65", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000733-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000733-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_772", "md5_hash": "0b54f5eaa00f1d146fd83b919c818a75", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "86c388f4e21d26e570b7f6a7570eaf6fbd7931db", "sha256_hash": "75e58b2bc8658e1d30ebca6dbd6e5fae9229f0e576fdedc493f8c13a2184614b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000734-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000734-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_773", "md5_hash": "7e186009243d3c806ed058f1f2add795", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e321ac7e6339d8cec87f3e5d8a8e3c62cdd1dca0", "sha256_hash": "911e96a40e8a389f451365fa0671edd9eeccbc202d1d59aaba891506d35aad41", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000735-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000735-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_774", "md5_hash": "81ae312edce292cc1a327dc54802b82c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "186e429c28e195a32b191c83bf06e712235dd296", "sha256_hash": "16fb5baef5cb8893a3200a96cf038306ec507128eb927adb8e7211e9dfa96ce8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000736-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000736-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_775", "md5_hash": "46008c4e707242e1d009d7e0bb01b062", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "95dcf06d2931b9262d1b084dd3870f2191b438ce", "sha256_hash": "e57efff3830211abb50584bd73770dba1bb9fabc397ff30239909740e934a287", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000737-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000737-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_776", "md5_hash": "1ca2551a49902685077d6530798fbe64", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6124c0052b1242d084ca0d2a8de3a9c21df24d4d", "sha256_hash": "1a4e0d526863ad7c418eabec6dd714b92788f18156f4e6e731c52629e9c82853", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000738-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000738-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_777", "md5_hash": "40c86eb42ab6fe39090b01b595ebc284", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1aee6950a4ddb1fad2ba5715b2966af7d6ca0c21", "sha256_hash": "fc5c961fecfb7dfde685abfe4e8f5a21269e2d3fbf0d5648cb499ae7b0dc85b3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000739-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000739-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_778", "md5_hash": "18cf551e5030bfb7d5b81e6ccefff9a9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af38b7cce66e79d076a4d84915e71af2dfb85493", "sha256_hash": "b87fd62fbb323113bb98ed64d94c9fc40ab66649056e9c066b7cdf73c47bf709", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000740-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000740-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_779", "md5_hash": "6684ef6f373c38d31b94c6848b72cb12", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "074a83375d670913f529692663ea04bf4b5c705f", "sha256_hash": "8d803bd1238acb928e972a1387ee5c1f0fed46119c645fc059661a21da1a59a1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000741-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000741-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_780", "md5_hash": "2c69459b60854bc8b13fb5236726fdfd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f3f05c35efe3047ed3ebd8af8b8ad8d7e8a9e1d7", "sha256_hash": "eddff07e3cf2b09f73485daa23687fdc0144417e49bd84f99bccdb8690717c20", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000743-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000743-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_782", "md5_hash": "1bbc67ee3f90d35ecf25d91edff953e1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "23d5225bf8ded3fa8952441d0f0c33016b33db68", "sha256_hash": "a1e8b2237afa6d6f5fe9ca877cd05d219cf60ebfe76cfb462ed52d53e8e38676", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000744-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000744-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_783", "md5_hash": "8d800560fd906e2c0c554bf8213c3709", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "38206571cfc73c5153abcbd4e80b1bcb20e18c5f", "sha256_hash": "935e38b45c4c558557d7336514d78bf2ccd1c39a8774faefb5267d75c6b51fd1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000745-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000745-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_784", "md5_hash": "f87f97fbc89508b459c71973f379ee61", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aca82540951a31fbd8e5d633caee3d2bbcfedfb3", "sha256_hash": "ce5397125251def14b2db8da4d238fd69286f9f7bc2a2ebb2eec101cb2e0771e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000747-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000747-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_786", "md5_hash": "e5294bdd28b2e74b5b25f0ac92799c11", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "609e522a1742a1428cd92b1bcbb8fc92c15d172b", "sha256_hash": "705cded1361bc4e553be2e26c3ac53f402157059318966d539511b8dbc000f0d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000748-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000748-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_787", "md5_hash": "61be6957d2448d95a7a0125866038248", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8331bff42b95f721a188d9013488fb13c470ff0", "sha256_hash": "e010301c64616d9bc65c1cbf1fb3119c5cb35bc6d1ac81783e99f3a684c9a0c6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000749-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000749-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_788", "md5_hash": "43ba0f2cce0d0c14124f21e607d97537", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8a151fee0e6bbe26076d18cf7e26cdb17ccf1ab5", "sha256_hash": "55f50276379cff2ed151b512d9f75ea3553755d560de59c96748b269286d0136", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000750-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000750-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_789", "md5_hash": "42c74d290d0c7fde9a912592b2e635e9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ab448c59bb015025c23b40c87b0daffe9e311e07", "sha256_hash": "42f7c5a8b6614b001489c9ae034d5130fba28db95d637c57cf52893d875b0a30", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000751-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000751-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_790", "md5_hash": "d1e7cd29f35bf742467d0dccdbd02b9b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a7628fa677e5c25f78ad14cf37fff96facdc7ced", "sha256_hash": "ecad70cc6b3618981e25fa74e21941c749f01c32240920ff1a183019dd9b1ddf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000753-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000753-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_792", "md5_hash": "b124e6ad17a28357533e7fab8e7545db", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c04162cc0a9c484abbb388562525c75f8c2ca2aa", "sha256_hash": "4520b93f3d5d348f044d3bdf4a5e351816010e7075e1e0dfdccafe95693446a9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000754-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000754-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_793", "md5_hash": "614d929d7e50d750ae9d786232710557", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4ee70fd24b1c99c1f9a9f8e1c94d8790e244c507", "sha256_hash": "3096e0100b10dd1624eb7d973c110ed776f8fd9e5323d9e1b8eb3030457adaf3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000755-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000755-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_794", "md5_hash": "298e7a2f6aa7f3aaa147b4a8b316f59a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2f441ab61fc31936385129c067bf41f59bb64a45", "sha256_hash": "de5f58ec07bc7f087ecebb12c345822155f3f9292fd64aff1537d125d96ad6a1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000757-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000757-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_796", "md5_hash": "dc130757ccc431811d93e5d86865d6e3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf0d1dfa04614aff1938da65ac50606568a2ed28", "sha256_hash": "646dc6841f774b7d6c79f27752f99b207c419dd574614aa0241cfab49db1dd17", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000758-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000758-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_797", "md5_hash": "65a7a4867338424cadcca955b53d39e5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a46dd2b81f3d74cbc8fec245bdef19f81a3f2718", "sha256_hash": "9ec7a30a54982deb7f8b9799745c62b06f285ce886e05c1d3e8df82380e76711", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000759-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000759-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_798", "md5_hash": "2e97a3fcbb3873e83397a4937b9fa06f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "07134a77f680574173db709b83a0fb0a231940b8", "sha256_hash": "88a26026be3fb61ec21d56ec8294bfd4c635f09bfe210170d9bd444f6f4a5731", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000760-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000760-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_799", "md5_hash": "618372c0929aaccb59a1fa42bf0ea64a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "355ab34200755ab5584dbcf81d0440590e2bc4b8", "sha256_hash": "1550d4892d74b9b1b808725adc433f957c78aff646576c111dbd28c9de35d324", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000762-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000762-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_801", "md5_hash": "0a94e9ff3538ef5bbe14820e4db896e4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e97a5945357e116d7fa69a57e3a2128e8ab785e6", "sha256_hash": "97c33f83f8dec3eb5d4d82511d9381c8a0158ff24fb89a2f4c9342737a6e9121", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000763-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000763-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_802", "md5_hash": "4983f5c5c43eb7ce3f3038e29ae1a3e5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "13a7c201d0ee7ca32d9ff9e8adf5412c8b8b4610", "sha256_hash": "414c87d0b24bfeca7d713579ef5eefe1391f50e1998d391a8ce9945714fde8e5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000764-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000764-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_803", "md5_hash": "1bf69915001214363b999fafe605ad98", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "91ed0527a2d381dd177543836998d6b591952caf", "sha256_hash": "1961c7083fb9070dbf8de33d754519dfb3e7668ae7c2ee9fa770872425dfd23a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000765-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000765-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_804", "md5_hash": "aa6bb8cb2878f3fb6bec5862c9ae8122", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a2afde7d161d207c8666f51fd027db9c2bb083ef", "sha256_hash": "682f95a03201c4dc00901cd59896c342764f89c687df6dc4da32a7262fe6bbb6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000767-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000767-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_806", "md5_hash": "d46ef5c0c189fd6a36f97bd19e73e622", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2c79e0eacd39715089f740d175142916206ea78b", "sha256_hash": "1556ddf9c13c0c734a193d0a8e761bfc18cc5d3cb451f18cfeccfe7aa1cbabfd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000768-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000768-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_807", "md5_hash": "c4236175b1bc4f37e743f73a7208a1d0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "538762dccf0a569bf2b25f4365416607d25228da", "sha256_hash": "b7c88bc0e2664628d0f540a47c6cd55f93279f15d1d7d37e456e3f1820e94e6e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000769-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000769-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_808", "md5_hash": "c351dd70b8049985c0597a5bf3b9fac9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "248ea3c41dbdcb3763431dd005afe11cc6043375", "sha256_hash": "660259a04acfae3eed7eb8d535b8835a0a5410040e7d841a8bf200be16bd4ece", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000770-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000770-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_809", "md5_hash": "53f26442cc4083e9cb18991ae86d4b8a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "60226b14f1d2e656cfe15590129f7666f2a8cf3e", "sha256_hash": "3a571ec5cb8669eef4a46394aff5ee8dc5b5f747cef05b369fca187d665fd45b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000772-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000772-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_811", "md5_hash": "960bc0a3e05b75e8219bbf5fffa58783", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71048364bcebfc24d64b4e9822c032f008f41347", "sha256_hash": "383b0654b8667db0d90e0ac092a8ba231349fc02c1d9dbd00859da44880b9a84", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000773-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000773-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_812", "md5_hash": "8d699489ae408975c88bf6d2aabf58fb", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "490355839529aa6e4665fc7ced9ab5588d956e7a", "sha256_hash": "641fab4983de9277cd02748122b374f0d77fc33c87b3166848a909a5e586e3aa", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000774-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000774-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_813", "md5_hash": "044b237fec9a0832017fc7d39deb5139", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d341a292fe8a92caec0da5bd416d029dcd7cc848", "sha256_hash": "97ae4d191411739f6b9a431a458185ffd22aae266f6a41cacf8429cf80bf4313", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000775-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000775-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_814", "md5_hash": "989a6b9ab4dcb2ea71e4a861a9acce68", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ecbed8680455d41721c1cb4232db01591c1dafe7", "sha256_hash": "56857e0204798ddc673ffcf64c864cc30838fcbdfcb34653d18d317bd272239c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000777-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000777-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_816", "md5_hash": "b4d89374deb1c20bddbd2dd2cf18c16a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "217c41251349d0d483c5cc429aea7363ec5cda9e", "sha256_hash": "5bd2cbff7117069438a94aa9845cc1b3c9ca95eb5fd7730023b741bbda23b674", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000778-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000778-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_817", "md5_hash": "3edcc2e5a683f4217aafde710760ab0e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "faa1f35aae7b1b46161190f03ae625cded582b86", "sha256_hash": "1bcd7a5ab6bcb7878c0bfc0f4ea78dcd990c133209ca6cc3a6f41034a3a76534", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000779-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000779-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_818", "md5_hash": "f93ea2675269b30996ec5bd96a093385", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7de343049d35749fed5a8167364acd15608c3bf7", "sha256_hash": "6e70c990dd3cb665cd431e04170e47f63e4310efc95cf21588c1f8ebf5b23215", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000781-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000781-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_820", "md5_hash": "957739b7f2a8b978f4bf6737a5302f24", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f110c20aed9ea64ce8a1a8edaef426a04af8161d", "sha256_hash": "cc026275b2e1de229126c5a084380bee0dbff6f180df336fe575b6a86d406c64", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000782-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000782-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_821", "md5_hash": "d042ca8332821654c72313f698ffc957", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "341a1cf550e19444c938857332ee5483c8d2901b", "sha256_hash": "ad752ef4f3ff707164ac4a1aa4dbe5697f44d23009122c453f2850d528bf2c9b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000783-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000783-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_822", "md5_hash": "29ce627a4bf63f13ccc5b6de38693688", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69c7dcef312347d56824723ccb9f66dcb09b3d64", "sha256_hash": "bccbdf3e75b7d33e9d1683c9de3a7b4b69305aa8ec8fca329d0d87f13bd9ec22", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000784-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000784-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_823", "md5_hash": "d319e95f2701f13fa11c579e988f052e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a9c3d303a511f1af82659011bedb67e59d61dd35", "sha256_hash": "5a029872c47fa78819ce8550b3b046e42e632031ec6986a541ebcd014919fce9", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000786-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000786-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_825", "md5_hash": "f91509f52393bc4055db392df2020bd3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2e32a4320f1b5e0974b5aa2b21a088496a6e2f86", "sha256_hash": "05420b16433ec41c6cc988ede4f40c78c432d782d379bf72b491a56217ff378c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000787-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000787-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_826", "md5_hash": "ea026704322d79eec2c30f3e35f70d68", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "512c4e36131a0b02412d4cf6f715780a73311684", "sha256_hash": "8233d3f6b9bf7eff837a10350f77755da9b24d8eaaf51f16887d17b6d3d34c9d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000788-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000788-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_827", "md5_hash": "e1651b754a6839ead4169e142e79d414", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94d9f755deef4283203c479379c314b6610a1c1a", "sha256_hash": "bf762a8b946a65e2bf9edec7093bf2ff47c83b39725c70f0da4279ec62e7d763", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000789-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000789-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_828", "md5_hash": "6f5c3b8f71899661aa81abb2163b728f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4345612f3739e057a66f8fcec6a71ea93c9b53ba", "sha256_hash": "0090e248c04e48134bd6f0d59d716c79f3c25fee93661682c03dee0e6b4875e5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000791-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000791-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_830", "md5_hash": "784f8be099e0486298e1f05e87a89b21", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "55a094d472fb171c611c008882f19866221ac58c", "sha256_hash": "d6c8816c4158c5f5b53ad2627ea2d2e8b759bbfd9c39cbe868e4d94a313cd0a2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000792-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000792-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_831", "md5_hash": "5eec14329bb06d75a87b1cb984100d95", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "192381149098c525d55028b9b2b09aff19bbcfa6", "sha256_hash": "c5485aca7cc4398db4fb6c0e3a5ea312737092f10103270e32dee2aa714bbf9f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000793-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000793-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_832", "md5_hash": "3258eddcc8fb7e7409d22f47f9301d1c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "425b7e1d5a7e8d98d7122373061b1d1356d2129f", "sha256_hash": "ef75f2eaeb95caede23caf2ebe325b12aee25ac520d6b501587e60c5db633be8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000794-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000794-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_833", "md5_hash": "dc8cf8abe69ff0ab7906f258940e92f9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "437ecef82cb59dde59fe63526e84a9c783645af7", "sha256_hash": "10b94d9d677ed8adf3fa8ae7224beed5fe43204d4d34ebac52cf6202ac69de12", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000796-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000796-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_835", "md5_hash": "710f909e6d4ae7f65d9d9652dd48e09b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "39dd0e88b6957566c69aeb380ee18c1ffc19ff05", "sha256_hash": "aea773f8178ccfde93ac535172b966b8ce9dad0aaff4a745b82174f2b96afa5c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000797-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000797-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_836", "md5_hash": "b5847a3935cfddae2037a082d2500bf0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8716990ac76ce52e645bb0fda15b4402f5fab7dc", "sha256_hash": "42d3fc8c5e45431ccc921b5e8d080f3bced330770b49349429346c0d99f59703", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000798-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000798-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_837", "md5_hash": "501f2c8a8380ee8dc90fad690680239e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "071c9046324a7b27ebe47b10f2aaf55f3e508c95", "sha256_hash": "d2d4e148e0108ed4cce28e41d5d17cc2ae5591463da76b41be4c681e0a2667b4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000799-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000799-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_838", "md5_hash": "42d0b6b3cbf13d921a7be12005dbcc4b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9a1965680ffb2fd56d737efae5e4d858fcfca67b", "sha256_hash": "37997bf1ce0e0bbf9c10c783bcf33a8065a28cb57efe0cb2a22b607c8e2c196c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000801-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000801-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_840", "md5_hash": "ab2b37141d7541225c041fea6e0520d5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4015c817c8644aff9c705b8a1d58e8f606a67331", "sha256_hash": "7cd123643c41e8c0e3f58bcbfaa542cbbf984930321348c6cba90af92bd6a68f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000802-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000802-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_841", "md5_hash": "ead9abdf5b996179f8760e3116e2fa1f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "549178c5e6af0a190de2248b4a46f3f5d4372f55", "sha256_hash": "70ff4505fb76c31d43035bfc36d487003f49a6c8fb07110bdafed41766f4bf48", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000803-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000803-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_842", "md5_hash": "a949a18d188ff20f81c7b3613074727d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "34cef8bb8ff9fb2ac2430bdca819b17f16540d4a", "sha256_hash": "f3170c1b1bee99341f0e537c389625d362ed9d3cd6646c4bfa2aa9fb5b8e251e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000804-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000804-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_843", "md5_hash": "4db45c8422c24027c46c601cacd30882", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e81f60bb7d8a910f101985605d03c854f783aa91", "sha256_hash": "1a25c6f7d91a57a9898cea05f9bb8c3415b0697bdc3fb40130b4e197e08b4bdd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000806-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000806-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_845", "md5_hash": "9571cf4d80e62d73a4699494a65c7e77", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e1b7860b6f37b4bb1717e27534dc30af1dd959c3", "sha256_hash": "373bbc00ec4e26f4c2f55af0e38a007c3892b729089adaa6a30ea82b4ed1a12f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000807-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000807-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_846", "md5_hash": "d9f6f59c3c176a1ca707a60df153235e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "529a3590a0f78493f44041475a228d389af23f15", "sha256_hash": "a4027a0aeb2655110d0610ba90fb5bf7415a2b0647c16676251d3142e706519d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000808-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000808-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_847", "md5_hash": "5204b753d4046191cc376e48858113f0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cfe2526e112b179bb327e2b80656efc1d2cd5eea", "sha256_hash": "8cc6d46cbfb0a95552a44fa3ab4c0b330df65452c3cb50b738dd9d01fb75a91b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000809-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000809-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_848", "md5_hash": "f669d13217de21806f1224af7e5a7a17", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d7882de1157cf5edb649c9c190760dd041f74235", "sha256_hash": "36d8680b4b13195979ffdc0179726b8506d95ca8e2f6ed9df63291f6a9236e28", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000811-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000811-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_850", "md5_hash": "34cd7a8e1edae798c56263b6eca5af50", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0966927aee9b10e526b2fd768cd55bd9b2ccac36", "sha256_hash": "4436b497532bc33370f20d61f06f0b57abef35cd79824efc6f126baeeebdbff6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000812-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000812-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_851", "md5_hash": "4697ed7a2066312c8f85f389cfc5fa8f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "10512b0c760fa3c5a2ad1b0ced5ac10b4a067758", "sha256_hash": "1efa17fcc87ef6f41dfe5d609e8e587d7fa85f602afd7fa141ce7f09e14095c7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000813-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000813-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_852", "md5_hash": "efe5df35f365654036a741530826ec64", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "446152f08aba9e17533b3c16ee227184d307de9f", "sha256_hash": "ed94909f67dcfeef3c8364629be7dd2fee178ef14b4701f9a0eff21b1c071638", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000814-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000814-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_853", "md5_hash": "57fc7372bc4f4c332c06c899a16dc067", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3d6dfca52f472abd39b075b8f45108b697e15bde", "sha256_hash": "9f9d74c695c9f2dde325afa10733ab69c25b5ddf6809a6d2deb948761332c751", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000816-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000816-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_855", "md5_hash": "e9fd343cf3c073576be7b7d944336547", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b16fc041ff75381bfaeb241e4e48e66b777d1cf2", "sha256_hash": "e03d16e9034d1d4b9b898f82344768514e3e46b51de3ddebe41ac182f89b2728", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000817-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000817-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_856", "md5_hash": "0435c60ae8595f609cc37850b40e074e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50a114f059edc84386b3586fd45cf77fb6c6b6f3", "sha256_hash": "f60be460556caf66c98dfa662e74dd7d3e607775fed7eb45361568c7c4c9a293", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000819-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000819-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_858", "md5_hash": "9ea533562a109a77a655d6fe606948fd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3fba0ab8ad50523e601023a208669b82fcf8629e", "sha256_hash": "d924493414c7f72ec1fb3244f433fef7f1c58ece46e8f89dae010f03788e9961", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000820-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000820-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_859", "md5_hash": "499bae790afafd5259e13dcf966c2925", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "68040b9c6b71c0edd54a959cf185154fdebd1083", "sha256_hash": "e29037fb7cdaf2bfede4e27c3a1f96f8ff34c27540484b21a98fc5b916a38753", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000821-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000821-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_860", "md5_hash": "36e89538ff4a8cf1fad930b5e1084eda", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d680cf5aff8b35b9a3a7165ce5c7fd3a2de1c24b", "sha256_hash": "9c28d6916ead39e2664de89854844a15e7104b99f4e3a3cebc8f42ccb4d71fe4", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000822-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000822-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_861", "md5_hash": "0fc01d1b3e212351db5833d3780d6345", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3b219ddfc50e231d7dc790cd7185450c54f13c7d", "sha256_hash": "f861a661d3da3cc8d4394962bcf5737930a36e10eeb21e0b9c1f34b7ff84c8f7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000824-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000824-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_863", "md5_hash": "b49f295497dc22f361fb92ab95a36c43", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "72fc3d9900cd594ae6c4ef5e579ffe1e881dbb60", "sha256_hash": "b94707d34644e1849dde3a42c9313476aa2527542ac5b8dfb33f2dfae4530ef2", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000825-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000825-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_864", "md5_hash": "6830e4b3e00e1995fb99eb86a083c67a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6521abc1a89727833e1ccf60ef2afdf4575bdcd9", "sha256_hash": "a83df2b5690bde0b716e197f1a247e21ff75e658b10d8aba7e22c4d80a20d59e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000826-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000826-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_865", "md5_hash": "dc61836b7a6abe4c52a5669e962fe9ea", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a663acec24556682be723008f7ecb454a42f1b7f", "sha256_hash": "cd4652e7d9b34d216f6a0bb9618c9963164a37af1bcc3ff7562c8583fa5fcb78", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000828-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000828-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_867", "md5_hash": "7f32aa36f7d00b6c2dee7235b62198e5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5389525ee5c0772e3dca0dc16b3c13040684754d", "sha256_hash": "339690dcacf9f68a7de2bacf511fb2932e0573cd7e9102e0b45a07dbfb41bcfb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000829-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000829-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_868", "md5_hash": "2580d6be7539502db657bdef73717a89", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d6d953eda753a97e3c025b463c818340b203bb2e", "sha256_hash": "71d663ede85f2b84661664342f118e72e33cc3d6ea6f26cc24ee5599f0bb8ed8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000830-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000830-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_869", "md5_hash": "08c703e756c97027b617163d284c43cf", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "718ec3392f32bc17c57be1f6628b145b8ab4c130", "sha256_hash": "046ba4ea8b86df2013317f7e1e91154e4734d7313c275714bd5bcffb3d7d600e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000831-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000831-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_870", "md5_hash": "cf652903955b7ac974cfc6bf892d50b6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "15b4bd68e817cbc38b958caf6a03223bf6d09b9e", "sha256_hash": "6fc21108c68eaab6d4f323971f385540457f6b5a5e54d0588d4f5f1849b2b5ab", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000833-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000833-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_872", "md5_hash": "d9dd87e062f0b8f289c3e1fe8c72270f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0d7a6ef673ca619f14bea84f9c3b164b0f37ef90", "sha256_hash": "9ed1ba2d618085221fe110cdb629ece3ba3eefadd1240c287a2d8dd54eb0c961", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000834-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000834-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_873", "md5_hash": "f14105420367067f44408a906cde82a2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b234692053eac7687c67d83b689fc513cf87d06", "sha256_hash": "ddf75f2c6714f5bb70c7b94360061eac6867f5208a17b90d706bbe1a3a626c2c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000835-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000835-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_874", "md5_hash": "c01b7a12e226fb0697dab8588b15eca6", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c9003575a9a033fad62b2378ae3bead84d0668f6", "sha256_hash": "e47468e52c8b08b5b634bbf539caafe66f44fc726b09831241ddb62045634172", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000837-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000837-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_876", "md5_hash": "f06f79f24ca5dc36ed6ef6561bd6467b", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3a5b410874d8ee65c4af4f906c835609773b07ab", "sha256_hash": "ed63a934c03dff2b5d83ac14b9b65fbc95698362f7da8efb8148dcf939428f9f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000838-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000838-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_877", "md5_hash": "b2f4c090f895d0481c6686dc5a2d2db2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4b94b92710de093f68ad06d1f9346740d180b798", "sha256_hash": "b5cc962ab0c26d6431442fe9394b68f254152ae11a9e9eab235c28a45ffe2830", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000839-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000839-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_878", "md5_hash": "5847a1526353aca801992495e3f5c757", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "95f96d21608bc588a0d63a178b68ea343b176cd7", "sha256_hash": "b5e7ebba3a0a60218194e2433b3b7db8ba83f73509a291115fab2a6fe63b43cd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000841-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000841-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_880", "md5_hash": "a6db39fb68743bbab8b48a4ea80a57c4", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "dd5b48bc5431a6d5009bfd52ad67bbddffc89892", "sha256_hash": "6333ca1adfa42de6f6a01caa1e49cbd78b0fe500e8527fddcfe87075cc87575b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000842-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000842-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_881", "md5_hash": "10c4680f975556950e1c5dd1726c1971", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "271c55146f80da3854ad6aac59a8e3881d65341f", "sha256_hash": "12732a95f6444ac982227eca29eb221cc1b2a47f093a9a84c2df0f38954a14e7", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000843-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000843-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_882", "md5_hash": "82882f8f573d0ca173fe714333a4dd54", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "eba11a40943805ce9aa67c6ca763092a5e513e6d", "sha256_hash": "2f7a4950a3a6329580020a36c23ab274bcaa57af6f264321a475e0f690adb3dc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000844-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000844-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_883", "md5_hash": "fe0255c634f9190ba37b1b4e6ff593a3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "319731e47cc691e3a6ed1c47c3e74ef939b9b02a", "sha256_hash": "69f56ada563a931db38cb419393f7e72016c0d99f3e449715182856ed2dc63e6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000846-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000846-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_885", "md5_hash": "7d1ea5c3a22c26e19fcfd939cd8e4782", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "783068ab0c072a46fce7615ebcc15b52eea38a52", "sha256_hash": "a37dcc7273c068fd70adaa80c6fc740db3e668265ebf843ee18419deefeccfe0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000847-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000847-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_886", "md5_hash": "4359bd7d5818c72384235fdabec905bd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a44a457f384e6e246a39de58eb441d6bbbdf2e0a", "sha256_hash": "668e6ad4b634a5d3aabacc2870f80ba2928989c03b26346b9f46d792c2b91ee3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000848-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000848-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_887", "md5_hash": "3d5bda696c23351fbf81112d06eaf8b2", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e37779b9e09244125cca304f4d853ec276d650a", "sha256_hash": "248ec6f5987198f442f8a495a4edfc5e5a4623591b688472248ff19dd764183e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000850-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000850-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_889", "md5_hash": "5ffa6f8e10fd27c0c53bae2a24af249f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ba276602a2d4a0ddea5eddbecf260c1ce4ce018b", "sha256_hash": "14b311b94fbbd3c0f5ba9cf0ca65cf8dd73aad8844479e88c01ffd05b6ae6448", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000851-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000851-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_890", "md5_hash": "1887b5dac4b2175c7060410b457cea5c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f918ffbe88a5481d33f691a3724c717492c2283a", "sha256_hash": "9bf03c7c93a44006d81abe68fd960b9f0fe5ca121407a3e47b33412335c0e7bd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000852-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000852-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_891", "md5_hash": "694c4adcbe4c3a14fa0bea5c493e5ee1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fa9882aabab83a4ecc01502aa8f0b168c51a8a14", "sha256_hash": "c6ceec854dc5a77641990fb507b7a14aff201a76968b218c1dc34bdf5d113a71", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000853-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000853-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_892", "md5_hash": "9d9af67b76becd6810728e195791ab30", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "984dcf21c56fcf3a95af965676890463134dab21", "sha256_hash": "55ebff21b37551c6c793993541e23e49b7a45b8d5321dcd78a5234f7704cabe0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000855-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000855-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_894", "md5_hash": "1235943134c55565a0d78f90f1804bc8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "646d4b28e0caa33a5fa4c68c327a19c4c0317d02", "sha256_hash": "66a3bd010d81d28b35c7546f862fdef5acc075a226dbdbeab8a02b8027970374", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000856-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000856-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_895", "md5_hash": "7a38f4bc59e46b8c7827aef7a34f09a1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "14e370ee003f3860302fd33cb7696ab9ab49300e", "sha256_hash": "7cfac4d25c193c8133117810ce9894ba15c0c920a2e8a229524f52d7a7a61af5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000857-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000857-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_896", "md5_hash": "7a5a1b39fc08f4d320c75f23c32a7102", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "92f9569500b28bb056e4d2c64ff9019f83f10fc3", "sha256_hash": "f2fb09db81e64514ebf4b8708a832d728355f72d2c47a5905d36d4dad5e52228", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000858-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000858-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_897", "md5_hash": "b7c31cf7bccbd027762480a0f30a4966", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "bf4ec5471b985cc964795104a00eff79018accfa", "sha256_hash": "f700d788c53506970ecb875d767e58da1d0fb789dfa3b46caf8cd76ff862d2f5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000860-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000860-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_899", "md5_hash": "73599d1b77cd0fb05f8c78315a9beb7d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d01774180d2a5fa4a0b5ee9ac8fa361b1ce38887", "sha256_hash": "79dd64aa83b55e7bac8d60d85d12ed2e6ae9d1d678e6a7656a5737c36134f731", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000861-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000861-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_900", "md5_hash": "36533cc641742827f9c71fb5d29d707a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "2ffbacaf770202d6f4e7c72358b58166e3a88cc0", "sha256_hash": "20188d5937af4b09c5ca1b9980b3c554b4b2d707e0b3023d3ae9afda6ca79784", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000862-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000862-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_901", "md5_hash": "367744ad636070d441dc8bd09c879dce", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e61c8d6173780826cecbfa634333a67c0d5e4bdd", "sha256_hash": "13c574da278bceda4f0f1de2ea9600e70768c2790cd71bad1b430de24334a7bc", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000864-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000864-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_903", "md5_hash": "2f75eff8a4e0806feff1ff9dcca22cb3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7f353fe061e329c04a82eba9614264fa1a69039d", "sha256_hash": "f03bd00fd24848f20c7160919be5faf9f8c9f7e4edf74f4583c9e04481b2facf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000865-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000865-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_904", "md5_hash": "7a732e8cedf11f9db88f485e194fa1e7", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c264600af7b66423cfc770b9d0050e6f8796b0f6", "sha256_hash": "a3e1ca3b9868a7c847272a1e601390f5d629cf7547f106db0e322568262ead04", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000866-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000866-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_905", "md5_hash": "edb16589d9c1d45759d0967d7539119a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "35db203411e011afb0c038a574c0b86de83c7620", "sha256_hash": "20834f700a4c3201a4c5a6aa3cca4362465bb6da1b10c1f54d2cc2b61b9f0841", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000867-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000867-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_906", "md5_hash": "82530bd76e56ec181717753baf91729d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ac95d00832abeaeb3dbc1eb66f3ea0a11f245773", "sha256_hash": "778e4c0d452edec408256d6f8559b9f00e08107b77e53de5900a8b42582c3de0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000869-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000869-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_908", "md5_hash": "7fd9b9a06bdedd47b67d438b56d735b8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "212e401fdf80ae2b42c21eb3d40baeebb03953b9", "sha256_hash": "a5a0a5a05400a8d6237fa83a3b1e289f598a04f84eb717967a72ab66c8ac61f3", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000870-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000870-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_909", "md5_hash": "34f82304fdfa364e119df3703fdd655c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1d9f530626c8e04f82be3d5d84fbde5aeba85307", "sha256_hash": "f0da404cec4075bd442a433d4fe3dfb28ec70203cbe7d9844d89397cb8b7360c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000871-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000871-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_910", "md5_hash": "dea8ab18faaee30114ed45b8edfb93bd", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cf424d3b720e0af661fa45274e16c05494238505", "sha256_hash": "44ecc587bf75a3a7f58ac095407c8d5d718b7b0e95577af88f49eb9719c6549f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000872-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000872-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_911", "md5_hash": "68c1a26ad3c428dcc8b56cfd5529df08", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "71c4da49379ccc640c533b46eaa59931b2c3b81f", "sha256_hash": "ef181a0190f5a0dec83e448babcb6ba127cbe6db50310bbcc18197fb81736c5e", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000874-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000874-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_913", "md5_hash": "fe73e810af76a7d6423e93b2edaedc28", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "fef15de8c9c15f0d537ff1f34ca9b3ab8f04f40c", "sha256_hash": "14912bea2719c3f7398c7fa14244935d4a7d7fcced17d20de583f429f365fa98", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000875-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000875-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_914", "md5_hash": "cfe446d198e2d62970e13329d25f75d5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f6a199e5f6874a4075008ea98a062171c9e4a8f", "sha256_hash": "f2e603651538c70e86e478bcb44c219f8e9e669eea4c75fc30b2fb762d905dc8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000876-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000876-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_915", "md5_hash": "cd014fd051e3ae45cb6dc09a36270992", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8cc97e5bd4086e8c07340707e7f3e1796a6027f", "sha256_hash": "c17f2ab1422199f443b320452e3868e10e90b13de2e9627428ab5a955d3b72e5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000877-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000877-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_916", "md5_hash": "cc45e2c1cd5f6c8c42abeca6ecaf383d", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "48647a6eedd9b9497353bf3cebc4e928b1e8d69a", "sha256_hash": "36ee8e57711c292142f56dfa63f8a89389187f0924fe0486b7723e78dbc5ceac", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000878-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000878-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_917", "md5_hash": "a272a247246180e172350ce789e01aec", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "43a51d12dbc59b7704c6f5995afcdf709ad54427", "sha256_hash": "a81b04bec4b6bb67539b42e7eed2213698a28acdfe5f0e9067fe807f432215bb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000879-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000879-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_918", "md5_hash": "472c2d69ffb94a34e38280acad15a67a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "aec452844f6d65ae68b3c150f9a2c2048799fcb2", "sha256_hash": "0efcfeaa3700da109488297d596c4438062c641bc342ebfe1712bb28b174b116", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000880-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000880-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_919", "md5_hash": "4e5139cd44738ee566a017c4984f644e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c33238c1cb787a8823603ca9484c6fd201ffed59", "sha256_hash": "d49a444fd394af328e1bcea4e09bcf7e8c7772cb2c549e72f6698a607291580c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000882-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000882-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_921", "md5_hash": "9182925b8c55501efb5490c92d67bb5e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "82a257a7d7dbb274b48f7526b90b03436768597c", "sha256_hash": "e9670deb5bee330f56cabd0cd85067668fce8638fc44414530f18855b82339a6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000883-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000883-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_922", "md5_hash": "c425cdbd5bcabfd5e91223dfe0195eb0", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0b8c00cfd21221b35e2788738930c7c92d070ac2", "sha256_hash": "fbf4fc9d97dce00e778a8afbfe1606d003857ff0ce718cafec12903f34c57148", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000884-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000884-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_923", "md5_hash": "16de586d52a742a7ee4c0e17ed0643d3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7bad6d2c32e66bc583289a9387cd1bbe6df10b9f", "sha256_hash": "8d3adb2fe71d332060ecd239ad8f353387a5e7aa1a95e5ad83e85ef2493acac1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000885-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000885-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_924", "md5_hash": "d9b4d408411aff0da3062bb0e177b7a3", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "54b4ab1ca53e5e7e5f044df071db1d0517b94c14", "sha256_hash": "33ba6d6d9114321e64fe8664e77792e54c2738095b37b13718ce6fdbb9edfde0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000887-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000887-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_926", "md5_hash": "d7786528a3e744fd18c1ec9c075f5a4f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "94a19ede1e68058f562c6561bf8a54bfe46f3544", "sha256_hash": "da6e463d5f1c7ff20243d4ce934cbaf4cf1f92fe38c8f4ca793390f84cae654d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000888-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000888-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_927", "md5_hash": "1e1746229eb083d1519a90cf0b612bb5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "64c89e6c8bf73ad6d84381502d75dbc7a0d9cf18", "sha256_hash": "a889c53a89ee859752ee7c0664f9f1612598a9f73a1602b9a99d728e05b022ae", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000889-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000889-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_928", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000890-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000890-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_929", "md5_hash": "f76297814aa46b3f7c187098ac13c587", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4d1c501dab14f51e8c5dae17e9405820139afdc3", "sha256_hash": "dcfc0d9dd0286e447ab8e025fcb840ca680eb57cd205f6f534f44807190751b0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000893-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000893-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_932", "md5_hash": "15fe83e0e0d64452f4a5db8771c93e17", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cc9e4e64e13cee3e582c89125914697a4cc31aa2", "sha256_hash": "d88939e15b3aec1667a744877eb68f5b3577419c707369c2d17f6d9203512758", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000894-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000894-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_933", "md5_hash": "fcef0fd237e41bd06056c25b3248a2f9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a12c0d0c86ea9b88c3a5c6df632e01e49bc560f4", "sha256_hash": "24d1544b9959cc0684136984b17e2ea51cc586240bd75aac8edd910b419f2ea6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000896-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000896-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_935", "md5_hash": "9b7791d0799c2115a8e335e368ec04a1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d887f6916d789fc1797036689ddf1abec177d179", "sha256_hash": "6c4c3f669738a003ae0a2e17936aa7370d5a6a32c69b74b5acd9e75ea754ba42", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000897-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000897-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_936", "md5_hash": "f65974d59617f5748646d05f4ffd1e1e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "303d9fe9d9cdc9909110f8b8f43d662126a9c3e4", "sha256_hash": "4bdb61782a1763920decb001aecf106cc69cb1aabe5dd384596af35cf4302f62", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000898-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000898-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_937", "md5_hash": "9ae62033f88b4cd6d0874e89421011c1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d8d13a8b45b4efeec27adc422be0b15925117b18", "sha256_hash": "cfb8894ffb04b434af7666fcf8b7aab280f829c50a66cdda839b7a009f2224f1", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000899-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000899-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_938", "md5_hash": "0c5aa6fb713aee63e902f1130acad688", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5b9be3a8feb384f0126c2ef6931606abec2b216c", "sha256_hash": "c3adf5168d4c9a195f5bf688d03d8e4cf996e9205a0e84d4fa4ec64de84f2171", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000900-addr_0x0000000002860000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000900-addr_0x0000000002860000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_939", "md5_hash": "ef77c67f34daf75fd2aed5ca94b04c2c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "c45c50cd7c3318cd4820a724f952fc107ebcd1c8", "sha256_hash": "dca4bd0c582c6d143b4ad6ca1aebe8a34476e998c49577fb98ce0aa9ebbfce28", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000901-addr_0x0000000002870000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000901-addr_0x0000000002870000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_940", "md5_hash": "0033b6a89c8eb49f66eb1553914783b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "12588e2ef9b5e0a4e7df328702fc56065bc090e4", "sha256_hash": "c9f25cf3878420598007ab307afba1aecaa68eaa2e7536bba5bf74e46286cc0f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000903-addr_0x0000000002870000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000903-addr_0x0000000002870000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_942", "md5_hash": "7dab4d6451b38277f594a68a7f2878b1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "3834257a04ff59dd20771097223f7c94cc63c918", "sha256_hash": "a72e041efbfc025617bc08883b333e0b6430a46a19467caa70a4716e69caa71b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000904-addr_0x0000000002880000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000904-addr_0x0000000002880000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_943", "md5_hash": "1abaa2212f1307df89c1bb27e705b003", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a6fd85e3d357e4d6bab82da29e88f7a16e7297dd", "sha256_hash": "e87c24cfe917343c2fb865d4ccdfcb38efc75e1b5542e09e31ab6ee9b849ffaf", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000905-addr_0x0000000002890000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000905-addr_0x0000000002890000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_944", "md5_hash": "6366f3fa50ca466932e4de90f6ebb4b5", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8161dd94599be9c527b544310c34b05c1b6ca8a8", "sha256_hash": "936849044e20fef3b3560422964d69c3ef065b977b185ba0b17225391a182e1d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000906-addr_0x00000000028a0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000001-region_00000906-addr_0x00000000028a0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_945", "md5_hash": "432d07d7079d69651c050f1d2164505c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "50206c6160ca0791d3a7a30802b6cae397e736b1", "sha256_hash": "b2584eaf20d42f2872910fef216c8775d939ad0221efd1f4c5911f9414947fe3", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000907-addr_0x00000000029b0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000907-addr_0x00000000029b0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_946", "md5_hash": "b19cfca79ec16918897e6b58c307e7b9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a500fd8c00da67416dc46015961bf84008544431", "sha256_hash": "c886dece779f63e38221540aaa5ab0a338327d0886eda69cb171417c67e39dc0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000908-addr_0x00000000029c0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000908-addr_0x00000000029c0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_947", "md5_hash": "8e773996b8704b15663e6aa84e75f437", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6aea9779b5d5db40f241572ffc6de98faab0c595", "sha256_hash": "beae80aebb83d875598b2f25d9110c6dafd72fe0291385da443db3bbfa49187d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000909-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000909-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_948", "md5_hash": "1ba8ca33d31cdcf247f0f39b1d21595f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4130c6d84b23f08fa52142b8fcf514e609c274c5", "sha256_hash": "a525476857ff3a12d813a6a6872a5846a3f884d9e2bb0aa5630f3475c569f25a", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000910-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000910-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_949", "md5_hash": "5ace06fbbb840f024ba20f857a2ad2b9", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "5e93961bd2368572e77a0373aaf46083d9e6deef", "sha256_hash": "f2dfe38453ce433f73164808486df44604ec158213b16d780c9d4b35cfcf5484", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000912-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000912-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_951", "md5_hash": "f05df4b6b68f0e5b0f6a7c15887db9ab", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a7e98e24c7a8113a4e974769a87c239a69c93c60", "sha256_hash": "f48834c11c3b9e7de0061ea3d31ac5e9a5bee99c8cf34a82606682322698aa88", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000914-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000914-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_953", "md5_hash": "c4b076ad014c93709f902b98ff238d9f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ee95e5dd7daa88621a6a60e9dd076f5fe70f2b51", "sha256_hash": "9d818506f5ca73df96f9a2b19f0bb54b32727bcf90b04a31088b9174869edaa8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000917-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000917-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_956", "md5_hash": "0068a584eafdb4dde905cc90f6ae9166", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e88b3229de46ef9538606e182fd2a6fa4141e188", "sha256_hash": "82da11a61b6aaf4c210a347246f74e37f2bbdeee797c72e535e2fa97d550c9e0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000919-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000919-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_958", "md5_hash": "876e025e54390ae2c71eabbf29b99f32", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9629bc4ff1b4a461ae7e9ed0ca48a7502bb39b47", "sha256_hash": "af4dd6b566c916267f1fc846c828863135625ae964936a4fbd03d5473babe8dd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000920-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000920-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_959", "md5_hash": "75d08e2f69161eb601026474ecb5e0d1", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d64c171185e2b5d1f5088f5a856101765cfc95d9", "sha256_hash": "f086d446eba0d316295fd804354b2f1ecd30f2123b8c5d031c1e0e8903f264fd", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000924-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000924-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_963", "md5_hash": "8960c7e54046cccd2dd0fc1d1ce81642", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "27d07357cfb25dbe813e144eabf84b3b60f1fedd", "sha256_hash": "50cda7bef3db9e55ca268a8644091d0f3a433d2e0c073858d2759a1717920e2f", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000925-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000925-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_964", "md5_hash": "a974402fcc570ca5d336505ad1964c74", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7b7ac9d5bb35269f1e0afe15a1584d5f82c1781c", "sha256_hash": "5c820846104c461b54c2746f6d2412fd44642ac5767cc18000417dcc43cb5edb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000926-addr_0x0000000002860000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000926-addr_0x0000000002860000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_965", "md5_hash": "4863637c557c25789eb5eaa3ea85d560", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "19616709917806cc75047b608da7bb798efcf3b4", "sha256_hash": "9d2610953c792f20f2059dbc008b6a02104be5175f80ec476e5f06f19cdaeef8", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000929-addr_0x0000000002870000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000929-addr_0x0000000002870000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_968", "md5_hash": "633bb5ef3815fd0d26fe41a5478f72fe", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "255056c6d4bfe6a6a21411056fbc1e85a7ac238c", "sha256_hash": "e27f0512ef9d7c954bcc0621cf07307425b16c6269a98576a557b7e029f862b5", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000930-addr_0x0000000002880000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000930-addr_0x0000000002880000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_969", "md5_hash": "4e996d40e65f1387e6b8c52430e5a175", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "af4a67e7c94e78c1d1b80357745f912a68e442fd", "sha256_hash": "5584586c3e9f6a36db78a9049ecf9e1d3c8d15bb9177ded7407392279d4accd0", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000931-addr_0x0000000002890000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000931-addr_0x0000000002890000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_970", "md5_hash": "e1757f7566391620955fb15a50c0017e", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "29d6c63d929d1fabd5824cd2850678a3e3c512eb", "sha256_hash": "b1ed4febb927ce435a8d5428a0cd104e8750a9a435ad8e958640b241fc5e5cbb", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000932-addr_0x00000000028a0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000001-region_00000932-addr_0x00000000028a0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_971", "md5_hash": "14d9dcf2f6f4514c5b7e800ffeea8c95", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ddf0d6fb2c997b5b566201aee1e6f860ee9f6bab", "sha256_hash": "ce3a3e3049fa785bf1106d2b7f9853e7e0a401afae88ee4eb68ea66a531517c1", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000933-addr_0x00000000029b0000-size_0x000000000000e000-perm_rw.bin", "filename": "process_00000001-region_00000933-addr_0x00000000029b0000-size_0x000000000000e000-perm_rw.bin", "id": "proc_dump_972", "md5_hash": "62d97ce8b6cf4bb673df68ed72244c07", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "4cf2ee9e78ab3b2e6f1bc063c6739d56bfe285d2", "sha256_hash": "ebeda76173fdf59aae0b86c878cbc463200e429ed1d49380362a032fdfbe9a8c", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000934-addr_0x00000000029c0000-size_0x000000000000e000-perm_rw.bin", "filename": "process_00000001-region_00000934-addr_0x00000000029c0000-size_0x000000000000e000-perm_rw.bin", "id": "proc_dump_973", "md5_hash": "50b0ba57a4d90ccdbf95f34f441b1d9c", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "a43355611f961d0fa4d7e463d2df3b3819d4358d", "sha256_hash": "f81ddeb8b1b344bd27571d77ad11d7555a3d92d4225eef7fad31948b7f80d6b8", "size": 57344, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000935-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000935-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_974", "md5_hash": "7f9ca87caf9b840d59f0bb0e8281acf8", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "95ca2535424b873d2925115b039ad8545b4de701", "sha256_hash": "3bc3cbfcde72269019617ac983b288eda4e7dfd4ee76058555a7096db7df2c0d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000936-addr_0x0000000002860000-size_0x0000000000001000-perm_rwx.bin", "filename": "process_00000001-region_00000936-addr_0x0000000002860000-size_0x0000000000001000-perm_rwx.bin", "id": "proc_dump_975", "md5_hash": "a44020dd3db668eb1edf1ac3d5f97580", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "e016423b68f44bed7b372b46f1417b4e55b8dd05", "sha256_hash": "b765dc2fc5f4b178664b19ba48b9541747bb1427abbd3cecc0e83141588bd940", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000939-addr_0x0000000002870000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000939-addr_0x0000000002870000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_978", "md5_hash": "2c955fe3714d8c76a751d4e9cd3d188a", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "18c325812004240708393f97d449502689074b5a", "sha256_hash": "cf919e7da0121ea5c632b3f20223099832834dc5c698538b8c21947b6cc3692d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000940-addr_0x0000000002880000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000940-addr_0x0000000002880000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_979", "md5_hash": "91bbe49d44c40492d863f9ab7adca851", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "afea700c85f9b054b7a30ba986b4ca3402373b33", "sha256_hash": "5db27741cfc2a0295162c422cf2d8189d1164ab6e6583cfe7ee4a0eb6bd18bf6", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000941-addr_0x0000000002890000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000001-region_00000941-addr_0x0000000002890000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_980", "md5_hash": "db6138b5e69dc118900b715b627a7876", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "0e5520027793fe865f202a38d6280776db9477f7", "sha256_hash": "2088a517d4dc59c07d9f75b5dc244504dc02e868746c153d25c170762e468359", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000001-region_00000942-addr_0x00000000028a0000-size_0x0000000000101000-perm_rw.bin", "filename": "process_00000001-region_00000942-addr_0x00000000028a0000-size_0x0000000000101000-perm_rw.bin", "id": "proc_dump_981", "md5_hash": "200b1470e2fa78893216d9511f15717f", "ref_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "d4db270c744834017c568c56998f35f143954788", "sha256_hash": "cbbba7e0dc5e3e828649445bf2d73ae8427fabece6b3a08558cda8070bd6cd1c", "size": 1052672, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000499-addr_0x0000000000950000-size_0x0000000000020000-perm_rw.bin", "filename": "process_00000002-region_00000499-addr_0x0000000000950000-size_0x0000000000020000-perm_rw.bin", "id": "proc_dump_640", "md5_hash": "88c9796614e7c39a6d6f966f1a566a7d", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "afe833228442bc80c71bd5b9c7f620fefbca85a9", "sha256_hash": "7cee33f6feed4eaa2fd6739cbefe527912a4efa369e5bbcccc34ee7961175743", "size": 131072, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000500-addr_0x0000000000970000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000500-addr_0x0000000000970000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_641", "md5_hash": "231e7d61682cec563cfea0a5f772300a", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6b6b00b7dfcf607359ce3c713290036363c7543c", "sha256_hash": "3d4ffd25eb7010565221af14f7499131af93af0df3c4a35c0f91cde7c990a371", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000502-addr_0x00000000009a0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000502-addr_0x00000000009a0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_642", "md5_hash": "fa28cecda51df851b4e20a56005a8c69", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "cbabeb6c223bdebca1c8ad9ef6a493b9223759ae", "sha256_hash": "3b4c4ce3961b5c77f569e5740d84637cbb0e89185b55793b49755545b85a02c7", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000503-addr_0x00000000009e0000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000503-addr_0x00000000009e0000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_643", "md5_hash": "5feac4b9d33a338432e1a3d0f54a882b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "69dd7908821fb457d78d3a5d31379c1551eee24b", "sha256_hash": "c0fa29e0a7204ced089bef4429f2179528b7201f79d6e1623449dd59908a9b41", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000506-addr_0x0000000000a40000-size_0x0000000000002000-perm_rw.bin", "filename": "process_00000002-region_00000506-addr_0x0000000000a40000-size_0x0000000000002000-perm_rw.bin", "id": "proc_dump_644", "md5_hash": "ee7357577f91776d6b4e77c5f42284a1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "8b49337096feba66f846ce1f8edc01aa50c70e89", "sha256_hash": "a28e3ae73d6c1b1424a939bb9a1f9723fd2b36e547e3b9b4bda2a066dc82b376", "size": 8192, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000511-addr_0x000000007ebc3000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000511-addr_0x000000007ebc3000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_645", "md5_hash": "7318456f2b8b5163d42ba662c243440c", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6f86975411fc00ba2b5a8c77235d317552edfcae", "sha256_hash": "a3d080f22119b3ce3b9336849831626e98182f4fadb0105d8b6274e8381c876b", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000512-addr_0x000000007ebcc000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000512-addr_0x000000007ebcc000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_646", "md5_hash": "d315962df0ed5abefe7f944ed3d6a8ff", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "03fb8c8f1e3535ba644e1022cfda8163df991c39", "sha256_hash": "a42215b8b4a9e8888e83d852f99b76eda13052824499668e46e408f4b707d3ae", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000513-addr_0x000000007ebcf000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000513-addr_0x000000007ebcf000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_647", "md5_hash": "a14d37e22cc89ad1c4f7ae12c3ed6361", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "ebd3b5fe8e83ed4fc4677c13f28f44c5e02ddf01", "sha256_hash": "9510780b627f6a5b89ef0572c30816f80323b6c067bae110c9965687a446dc1c", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000514-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "filename": "process_00000002-region_00000514-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "id": "proc_dump_648", "md5_hash": "b72e9e63ece2375f5578c9b3e0d818cb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "9f14ea8fa44f6f65448d052996ca9d5bf318ff56", "sha256_hash": "5d1377f15cadb7283708f73c91803b8d0f316d81937a68d102bc7aa1f1831a99", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000519-addr_0x0000000000be0000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000519-addr_0x0000000000be0000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_649", "md5_hash": "fc46001d1a5027f3eead9b16a2bc19eb", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "81ca7519ba5e11f789839f0a824f8b616448cea2", "sha256_hash": "b7ba18d04c92d0d13145340783413f5c94259f5aa6e14a57fc0764ecb7c1f994", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000522-addr_0x0000000000cc0000-size_0x0000000000100000-perm_rw.bin", "filename": "process_00000002-region_00000522-addr_0x0000000000cc0000-size_0x0000000000100000-perm_rw.bin", "id": "proc_dump_650", "md5_hash": "b0a4f08319222866021e5697619a1360", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "849eb9bbd75e492ebeddfabb9b9fb1b880906e45", "sha256_hash": "2c6e896b2a3d29734e3fa602b9c57b89ecb6afe068f6c0b1248f1ab245dc6d80", "size": 1048576, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000600-addr_0x0000000000960000-size_0x0000000000004000-perm_rw.bin", "filename": "process_00000002-region_00000600-addr_0x0000000000960000-size_0x0000000000004000-perm_rw.bin", "id": "proc_dump_677", "md5_hash": "9ca6449416b0d61fd3e8ac21b949c7e3", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "f87d645c508869dd220a2ac82645fb9c6650be56", "sha256_hash": "a5a36c0de4b88c1dfcfbad52d938eb943fc762ecbffb5e4a303959f487d1ec1d", "size": 16384, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000601-addr_0x0000000000b10000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000601-addr_0x0000000000b10000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_678", "md5_hash": "8356f5e5ffe1eecafc380de75f214e95", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "adb06047b7687fd42c00354b54882863322553bb", "sha256_hash": "76bad8f9b6212e67f5ecf5d485dc50a0c5082cd5296e3ca498518d35ec0e7ccd", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000602-addr_0x0000000000b50000-size_0x0000000000040000-perm_rw.bin", "filename": "process_00000002-region_00000602-addr_0x0000000000b50000-size_0x0000000000040000-perm_rw.bin", "id": "proc_dump_679", "md5_hash": "656ae62470fc40d1b1ec02c35b99e54b", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "37261bd5fc74fb7025a84f03ddf1fad46fc6c91d", "sha256_hash": "77f1f4c4512a4e378d5b8ca5d910086b8497f16e9abf042da391235138a94cba", "size": 262144, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000603-addr_0x0000000000f60000-size_0x0000000000010000-perm_rw.bin", "filename": "process_00000002-region_00000603-addr_0x0000000000f60000-size_0x0000000000010000-perm_rw.bin", "id": "proc_dump_680", "md5_hash": "f1844870f5e07d5c7ac6f40569dd5ea7", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "6db9eb66e9b7f19326eacfa76463199cc22b00fe", "sha256_hash": "36127e819bc757d9713f68b7caa1ebde5951c7c94445bbd0c9e6e742b609cc4f", "size": 65536, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000614-addr_0x000000007ebc9000-size_0x0000000000003000-perm_rw.bin", "filename": "process_00000002-region_00000614-addr_0x000000007ebc9000-size_0x0000000000003000-perm_rw.bin", "id": "proc_dump_681", "md5_hash": "66e5173bd15f1c34397e76b0b92d12c1", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "b2e9d6453524715082d193d06b2fd363aebb43b9", "sha256_hash": "f9141b912b546bcaa098c5c9748f1600fc8ab70a11579cd2764d11a6b209d059", "size": 12288, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000627-addr_0x0000000000b90000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000627-addr_0x0000000000b90000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_682", "md5_hash": "da9adb0edff6b1288bb306a461ced314", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "7998f849a970a20fa4f1f914856f34aee7b77ad0", "sha256_hash": "b0497522164234977a6922b917cf9bc4d3b87a6ec589bd936c1b63b108f7479d", "size": 4096, "type": "process_dump", "version": 1 }, { "archive_path": "process_dumps/process_00000002-region_00000628-addr_0x0000000000ba0000-size_0x0000000000001000-perm_rw.bin", "filename": "process_00000002-region_00000628-addr_0x0000000000ba0000-size_0x0000000000001000-perm_rw.bin", "id": "proc_dump_683", "md5_hash": "620f0b67a91f7f74151bc5be745b7110", "ref_process": { "ref_id": "proc_2", "ref_source": "summary", "ref_type": "process", "type": "reference", "version": 1 }, "sha1_hash": "1ceaf73df40e531df3bfb26b4fb7cd95fb7bff1d", "sha256_hash": "ad7facb2586fc6e966c004d7d1d16b024f5805ff7cb47c7a85dabd8b48892ca7", "size": 4096, "type": "process_dump", "version": 1 } ], "processes": [ { "cmd_line": "\"C:\\Users\\CIiHmnxMn6Ps\\Desktop\\bi35.exe\" ", "filename": "c:\\users\\ciihmnxmn6ps\\desktop\\bi35.exe", "id": "proc_1", "image_name": "bi35.exe", "monitor_reason": "analysis_target", "monitored_id": 1, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "process_00000001-region_00000001-addr_0x0000000000010000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_514", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_1", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:00:26.809", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000002-addr_0x0000000000030000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_515", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:26.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_3", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:00:26.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_4", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:00:26.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_5", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:00:26.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 0, "filename": null, "id": "region_6", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:00:26.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_7", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:00:26.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_8", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:00:26.810", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000009-addr_0x0000000000400000-size_0x0000000000027000-perm_rwx.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_516", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 159744, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4354047, "entry_point": 4194304, "filename": "\\Users\\CIiHmnxMn6Ps\\Desktop\\bi35.exe", "id": "region_9", "name": "bi35.exe", "norm_filename": "c:\\users\\ciihmnxmn6ps\\desktop\\bi35.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:00:26.810", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1999671295, "entry_point": 1998127104, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_10", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:00:26.811", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_11", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:00:26.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_12", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:00:26.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_13", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:00:26.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_14", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:00:26.898", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_15", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:26.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140714892722176, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140717040140287, "entry_point": 0, "filename": null, "id": "region_16", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:26.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140717040140288, "type": "region", "version": 1 }, "end_va": 140717041983487, "entry_point": 140717040140288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_17", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140717040140288, "timestamp": "00:00:26.899", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20446306304, "start_va": 140717041983488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_18", "name": "private_0x00007ffb3d4d2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140717041983488, "timestamp": "00:00:26.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_158", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:00:28.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1553989632, "type": "region", "version": 1 }, "end_va": 1554460671, "entry_point": 1553989632, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_159", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1553989632, "timestamp": "00:00:28.151", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1554513920, "type": "region", "version": 1 }, "end_va": 1554837503, "entry_point": 1554513920, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_160", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1554513920, "timestamp": "00:00:28.153", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1553924096, "type": "region", "version": 1 }, "end_va": 1553956863, "entry_point": 1553924096, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_161", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1553924096, "timestamp": "00:00:28.159", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 6488063, "entry_point": 0, "filename": null, "id": "region_162", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:00:28.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1980325887, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_163", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:00:28.169", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993015295, "entry_point": 1992032256, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_164", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992032256, "timestamp": "00:00:28.701", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_165", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:00:28.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 3071999, "entry_point": 2293760, "filename": "\\Windows\\System32\\locale.nls", "id": "region_166", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2293760, "timestamp": "00:00:28.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 1947795456, "type": "region", "version": 1 }, "end_va": 1948389375, "entry_point": 1947795456, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_167", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1947795456, "timestamp": "00:00:28.794", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2146107392, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_168", "name": "pagefile_0x000000007feb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2146107392, "timestamp": "00:00:28.798", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 147455, "entry_point": 0, "filename": null, "id": "region_169", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:00:28.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_170", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:00:28.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_171", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:00:28.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1933115392, "type": "region", "version": 1 }, "end_va": 1933139967, "entry_point": 1933115392, "filename": "\\Windows\\SysWOW64\\msimg32.dll", "id": "region_172", "name": "msimg32.dll", "norm_filename": "c:\\windows\\syswow64\\msimg32.dll", "region_type": "memory_mapped_file", "start_va": 1933115392, "timestamp": "00:00:28.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948815359, "entry_point": 1948450816, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_173", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:00:28.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1948844032, "type": "region", "version": 1 }, "end_va": 1948884991, "entry_point": 1948844032, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_174", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1948844032, "timestamp": "00:00:28.820", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1948909568, "type": "region", "version": 1 }, "end_va": 1949032447, "entry_point": 1948909568, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_175", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1948909568, "timestamp": "00:00:28.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1952710655, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_176", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:00:28.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1974992896, "type": "region", "version": 1 }, "end_va": 1975771135, "entry_point": 1974992896, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_177", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1974992896, "timestamp": "00:00:28.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1976827904, "type": "region", "version": 1 }, "end_va": 1977331711, "entry_point": 1976827904, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_178", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1976827904, "timestamp": "00:00:28.930", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_179", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:00:28.982", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1980641279, "entry_point": 1980366848, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_180", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:00:29.231", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1989869568, "type": "region", "version": 1 }, "end_va": 1991233535, "entry_point": 1989869568, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_181", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989869568, "timestamp": "00:00:29.234", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_182", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:00:29.291", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6488064, "type": "region", "version": 1 }, "end_va": 8093695, "entry_point": 0, "filename": null, "id": "region_183", "name": "pagefile_0x0000000000630000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6488064, "timestamp": "00:00:29.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 10158080, "type": "region", "version": 1 }, "end_va": 10223615, "entry_point": 0, "filename": null, "id": "region_184", "name": "private_0x00000000009b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10158080, "timestamp": "00:00:29.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953869823, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_185", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:00:29.306", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1996947456, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996947456, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_186", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1996947456, "timestamp": "00:00:29.308", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_187", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:00:29.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_188", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:00:29.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8126464, "type": "region", "version": 1 }, "end_va": 9703423, "entry_point": 0, "filename": null, "id": "region_189", "name": "pagefile_0x00000000007c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8126464, "timestamp": "00:00:29.323", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10223616, "type": "region", "version": 1 }, "end_va": 31195135, "entry_point": 0, "filename": null, "id": "region_190", "name": "pagefile_0x00000000009c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10223616, "timestamp": "00:00:29.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000191-addr_0x0000000001dc0000-size_0x0000000000150000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_517", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1376256, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 32571391, "entry_point": 0, "filename": null, "id": "region_191", "name": "private_0x0000000001dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31195136, "timestamp": "00:00:29.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000192-addr_0x0000000000430000-size_0x0000000000012000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_518", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 73728, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4464639, "entry_point": 0, "filename": null, "id": "region_192", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:30.094", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1953890304, "type": "region", "version": 1 }, "end_va": 1974595583, "entry_point": 1953890304, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_193", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1953890304, "timestamp": "00:00:30.141", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1984757760, "type": "region", "version": 1 }, "end_va": 1989857279, "entry_point": 1984757760, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_194", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1984757760, "timestamp": "00:00:31.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1993277440, "type": "region", "version": 1 }, "end_va": 1995087871, "entry_point": 1993277440, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_195", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1993277440, "timestamp": "00:00:32.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1977352192, "type": "region", "version": 1 }, "end_va": 1977630719, "entry_point": 1977352192, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_196", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1977352192, "timestamp": "00:00:32.590", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1995112448, "type": "region", "version": 1 }, "end_va": 1995161599, "entry_point": 1995112448, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_197", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1995112448, "timestamp": "00:00:32.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1982332928, "type": "region", "version": 1 }, "end_va": 1982910463, "entry_point": 1982332928, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_198", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1982332928, "timestamp": "00:00:32.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1975779328, "type": "region", "version": 1 }, "end_va": 1976057855, "entry_point": 1975779328, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_199", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1975779328, "timestamp": "00:00:33.129", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1996877823, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_200", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:00:33.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1527808, "start_va": 1995177984, "type": "region", "version": 1 }, "end_va": 1996705791, "entry_point": 1995177984, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_201", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1995177984, "timestamp": "00:00:33.272", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1996881920, "type": "region", "version": 1 }, "end_va": 1996939263, "entry_point": 1996881920, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_202", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1996881920, "timestamp": "00:00:33.456", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2244608, "start_va": 1941045248, "type": "region", "version": 1 }, "end_va": 1943289855, "entry_point": 1941045248, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_203", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1941045248, "timestamp": "00:00:33.480", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1932328960, "type": "region", "version": 1 }, "end_va": 1933111295, "entry_point": 1932328960, "filename": "\\Windows\\SysWOW64\\msvcr100.dll", "id": "region_204", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1932328960, "timestamp": "00:00:33.683", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000205-addr_0x0000000001dc0000-size_0x0000000000130000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_519", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1245184, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 32440319, "entry_point": 0, "filename": null, "id": "region_205", "name": "private_0x0000000001dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31195136, "timestamp": "00:00:33.869", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32505856, "type": "region", "version": 1 }, "end_va": 32571391, "entry_point": 0, "filename": null, "id": "region_206", "name": "private_0x0000000001f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 32505856, "timestamp": "00:00:33.869", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000207-addr_0x00000000003f0000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_520", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4132863, "entry_point": 0, "filename": null, "id": "region_207", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:00:34.877", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000208-addr_0x0000000000430000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_521", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4395007, "entry_point": 0, "filename": null, "id": "region_208", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:34.877", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000209-addr_0x0000000000430000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_522", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4653055, "entry_point": 0, "filename": null, "id": "region_209", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:34.879", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000210-addr_0x0000000001dc0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_523", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 31195136, "type": "region", "version": 1 }, "end_va": 32243711, "entry_point": 0, "filename": null, "id": "region_210", "name": "private_0x0000000001dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 31195136, "timestamp": "00:00:34.880", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 32374784, "type": "region", "version": 1 }, "end_va": 32440319, "entry_point": 0, "filename": null, "id": "region_211", "name": "private_0x0000000001ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32374784, "timestamp": "00:00:34.880", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000212-addr_0x000000007ffd5000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_524", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_212", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:00:34.881", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1947271168, "type": "region", "version": 1 }, "end_va": 1947750399, "entry_point": 1947271168, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_213", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1947271168, "timestamp": "00:00:34.883", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000214-addr_0x0000000000470000-size_0x00000000000c0000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_525", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 786432, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_214", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:00:35.106", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4132863, "entry_point": 0, "filename": null, "id": "region_215", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:00:35.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 753664, "start_va": 32571392, "type": "region", "version": 1 }, "end_va": 33325055, "entry_point": 0, "filename": null, "id": "region_216", "name": "pagefile_0x0000000001f10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 32571392, "timestamp": "00:00:35.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4145151, "entry_point": 0, "filename": null, "id": "region_217", "name": "pagefile_0x00000000003f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4128768, "timestamp": "00:00:35.112", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1947140096, "type": "region", "version": 1 }, "end_va": 1947258879, "entry_point": 1947140096, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_218", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1947140096, "timestamp": "00:00:35.113", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 4653056, "type": "region", "version": 1 }, "end_va": 4669439, "entry_point": 0, "filename": null, "id": "region_219", "name": "private_0x0000000000470000", "norm_filename": null, "region_type": "private_memory", "start_va": 4653056, "timestamp": "00:00:35.200", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000220-addr_0x0000000000520000-size_0x0000000000010000-perm_rw.bin", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_526", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 5373952, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_220", "name": "private_0x0000000000520000", "norm_filename": null, "region_type": "private_memory", "start_va": 5373952, "timestamp": "00:00:35.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 24576, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4743167, "entry_point": 0, "filename": null, "id": "region_221", "name": "pagefile_0x0000000000480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4718592, "timestamp": "00:00:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 4788223, "entry_point": 0, "filename": null, "id": "region_222", "name": "pagefile_0x0000000000490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4784128, "timestamp": "00:00:35.217", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 4784128, "type": "region", "version": 1 }, "end_va": 5308415, "entry_point": 0, "filename": null, "id": "region_223", "name": "private_0x0000000000490000", "norm_filename": null, "region_type": "private_memory", "start_va": 4784128, "timestamp": "00:00:35.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 36728831, "entry_point": 33357824, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_224", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33357824, "timestamp": "00:00:35.219", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_total_dump_size_reached" ], "info": "No dump or only a partial dump was created because the total dump size was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 4718592, "type": "region", "version": 1 }, "end_va": 4722687, "entry_point": 0, "filename": null, "id": "region_225", "name": "private_0x0000000000480000", "norm_filename": null, "region_type": "private_memory", "start_va": 4718592, "timestamp": "00:00:35.298", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000226-addr_0x0000000002410000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_527", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 37814272, "type": "region", "version": 1 }, "end_va": 38076415, "entry_point": 0, "filename": null, "id": "region_226", "name": "private_0x0000000002410000", "norm_filename": null, "region_type": "private_memory", "start_va": 37814272, "timestamp": "00:00:35.298", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000227-addr_0x0000000002450000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_528", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 38076416, "type": "region", "version": 1 }, "end_va": 39124991, "entry_point": 0, "filename": null, "id": "region_227", "name": "private_0x0000000002450000", "norm_filename": null, "region_type": "private_memory", "start_va": 38076416, "timestamp": "00:00:35.298", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000228-addr_0x0000000002550000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_529", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 39124992, "type": "region", "version": 1 }, "end_va": 39387135, "entry_point": 0, "filename": null, "id": "region_228", "name": "private_0x0000000002550000", "norm_filename": null, "region_type": "private_memory", "start_va": 39124992, "timestamp": "00:00:35.298", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000229-addr_0x0000000002590000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_530", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 39387136, "type": "region", "version": 1 }, "end_va": 40435711, "entry_point": 0, "filename": null, "id": "region_229", "name": "private_0x0000000002590000", "norm_filename": null, "region_type": "private_memory", "start_va": 39387136, "timestamp": "00:00:35.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000230-addr_0x0000000002690000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_531", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 40435712, "type": "region", "version": 1 }, "end_va": 40697855, "entry_point": 0, "filename": null, "id": "region_230", "name": "private_0x0000000002690000", "norm_filename": null, "region_type": "private_memory", "start_va": 40435712, "timestamp": "00:00:35.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000231-addr_0x00000000026d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_532", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 41746431, "entry_point": 0, "filename": null, "id": "region_231", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:00:35.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000232-addr_0x00000000027d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_533", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 41746432, "type": "region", "version": 1 }, "end_va": 42008575, "entry_point": 0, "filename": null, "id": "region_232", "name": "private_0x00000000027d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41746432, "timestamp": "00:00:35.299", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000233-addr_0x0000000002810000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_534", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 42008576, "type": "region", "version": 1 }, "end_va": 43057151, "entry_point": 0, "filename": null, "id": "region_233", "name": "private_0x0000000002810000", "norm_filename": null, "region_type": "private_memory", "start_va": 42008576, "timestamp": "00:00:35.300", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000234-addr_0x0000000002910000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_535", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 43057152, "type": "region", "version": 1 }, "end_va": 43319295, "entry_point": 0, "filename": null, "id": "region_234", "name": "private_0x0000000002910000", "norm_filename": null, "region_type": "private_memory", "start_va": 43057152, "timestamp": "00:00:35.300", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000235-addr_0x0000000002950000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_536", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 43319296, "type": "region", "version": 1 }, "end_va": 44367871, "entry_point": 0, "filename": null, "id": "region_235", "name": "private_0x0000000002950000", "norm_filename": null, "region_type": "private_memory", "start_va": 43319296, "timestamp": "00:00:35.300", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000236-addr_0x0000000002a50000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_537", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 44367872, "type": "region", "version": 1 }, "end_va": 44630015, "entry_point": 0, "filename": null, "id": "region_236", "name": "private_0x0000000002a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 44367872, "timestamp": "00:00:35.301", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000237-addr_0x0000000002a90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_538", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 44630016, "type": "region", "version": 1 }, "end_va": 45678591, "entry_point": 0, "filename": null, "id": "region_237", "name": "private_0x0000000002a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 44630016, "timestamp": "00:00:35.301", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000238-addr_0x0000000002b90000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_539", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 45678592, "type": "region", "version": 1 }, "end_va": 45940735, "entry_point": 0, "filename": null, "id": "region_238", "name": "private_0x0000000002b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 45678592, "timestamp": "00:00:35.301", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000239-addr_0x0000000002bd0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_540", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 45940736, "type": "region", "version": 1 }, "end_va": 46989311, "entry_point": 0, "filename": null, "id": "region_239", "name": "private_0x0000000002bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45940736, "timestamp": "00:00:35.301", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000240-addr_0x0000000002cd0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_541", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 46989312, "type": "region", "version": 1 }, "end_va": 47251455, "entry_point": 0, "filename": null, "id": "region_240", "name": "private_0x0000000002cd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46989312, "timestamp": "00:00:35.302", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000241-addr_0x0000000002d10000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_542", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 47251456, "type": "region", "version": 1 }, "end_va": 48300031, "entry_point": 0, "filename": null, "id": "region_241", "name": "private_0x0000000002d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 47251456, "timestamp": "00:00:35.302", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000242-addr_0x0000000002e10000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_543", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 48300032, "type": "region", "version": 1 }, "end_va": 48562175, "entry_point": 0, "filename": null, "id": "region_242", "name": "private_0x0000000002e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 48300032, "timestamp": "00:00:35.302", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000243-addr_0x0000000002e50000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_544", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 48562176, "type": "region", "version": 1 }, "end_va": 49610751, "entry_point": 0, "filename": null, "id": "region_243", "name": "private_0x0000000002e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 48562176, "timestamp": "00:00:35.303", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000244-addr_0x0000000002f50000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_545", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 49610752, "type": "region", "version": 1 }, "end_va": 49872895, "entry_point": 0, "filename": null, "id": "region_244", "name": "private_0x0000000002f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 49610752, "timestamp": "00:00:35.303", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000245-addr_0x0000000002f90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_546", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 49872896, "type": "region", "version": 1 }, "end_va": 50921471, "entry_point": 0, "filename": null, "id": "region_245", "name": "private_0x0000000002f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 49872896, "timestamp": "00:00:35.303", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000246-addr_0x0000000003090000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_547", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 50921472, "type": "region", "version": 1 }, "end_va": 51183615, "entry_point": 0, "filename": null, "id": "region_246", "name": "private_0x0000000003090000", "norm_filename": null, "region_type": "private_memory", "start_va": 50921472, "timestamp": "00:00:35.304", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000247-addr_0x00000000030d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_548", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 51183616, "type": "region", "version": 1 }, "end_va": 52232191, "entry_point": 0, "filename": null, "id": "region_247", "name": "private_0x00000000030d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51183616, "timestamp": "00:00:35.304", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000248-addr_0x00000000031d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_549", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 52232192, "type": "region", "version": 1 }, "end_va": 52494335, "entry_point": 0, "filename": null, "id": "region_248", "name": "private_0x00000000031d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52232192, "timestamp": "00:00:35.305", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000249-addr_0x0000000003210000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_550", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 52494336, "type": "region", "version": 1 }, "end_va": 53542911, "entry_point": 0, "filename": null, "id": "region_249", "name": "private_0x0000000003210000", "norm_filename": null, "region_type": "private_memory", "start_va": 52494336, "timestamp": "00:00:35.305", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000250-addr_0x0000000003310000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_551", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 53542912, "type": "region", "version": 1 }, "end_va": 53805055, "entry_point": 0, "filename": null, "id": "region_250", "name": "private_0x0000000003310000", "norm_filename": null, "region_type": "private_memory", "start_va": 53542912, "timestamp": "00:00:35.305", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000251-addr_0x0000000003350000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_552", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 53805056, "type": "region", "version": 1 }, "end_va": 54853631, "entry_point": 0, "filename": null, "id": "region_251", "name": "private_0x0000000003350000", "norm_filename": null, "region_type": "private_memory", "start_va": 53805056, "timestamp": "00:00:35.306", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000252-addr_0x0000000003450000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_553", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 54853632, "type": "region", "version": 1 }, "end_va": 55115775, "entry_point": 0, "filename": null, "id": "region_252", "name": "private_0x0000000003450000", "norm_filename": null, "region_type": "private_memory", "start_va": 54853632, "timestamp": "00:00:35.306", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000253-addr_0x0000000003490000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_554", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 55115776, "type": "region", "version": 1 }, "end_va": 56164351, "entry_point": 0, "filename": null, "id": "region_253", "name": "private_0x0000000003490000", "norm_filename": null, "region_type": "private_memory", "start_va": 55115776, "timestamp": "00:00:35.306", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000254-addr_0x0000000003590000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_555", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 56164352, "type": "region", "version": 1 }, "end_va": 56426495, "entry_point": 0, "filename": null, "id": "region_254", "name": "private_0x0000000003590000", "norm_filename": null, "region_type": "private_memory", "start_va": 56164352, "timestamp": "00:00:35.306", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000255-addr_0x00000000035d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_556", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 56426496, "type": "region", "version": 1 }, "end_va": 57475071, "entry_point": 0, "filename": null, "id": "region_255", "name": "private_0x00000000035d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56426496, "timestamp": "00:00:35.307", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000256-addr_0x00000000036d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_557", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 57475072, "type": "region", "version": 1 }, "end_va": 57737215, "entry_point": 0, "filename": null, "id": "region_256", "name": "private_0x00000000036d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57475072, "timestamp": "00:00:35.307", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000257-addr_0x0000000003710000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_558", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 57737216, "type": "region", "version": 1 }, "end_va": 58785791, "entry_point": 0, "filename": null, "id": "region_257", "name": "private_0x0000000003710000", "norm_filename": null, "region_type": "private_memory", "start_va": 57737216, "timestamp": "00:00:35.307", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000258-addr_0x0000000003810000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_559", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 58785792, "type": "region", "version": 1 }, "end_va": 59047935, "entry_point": 0, "filename": null, "id": "region_258", "name": "private_0x0000000003810000", "norm_filename": null, "region_type": "private_memory", "start_va": 58785792, "timestamp": "00:00:35.308", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000259-addr_0x0000000003850000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_560", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 59047936, "type": "region", "version": 1 }, "end_va": 60096511, "entry_point": 0, "filename": null, "id": "region_259", "name": "private_0x0000000003850000", "norm_filename": null, "region_type": "private_memory", "start_va": 59047936, "timestamp": "00:00:35.308", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000260-addr_0x0000000003950000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_561", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 60096512, "type": "region", "version": 1 }, "end_va": 60358655, "entry_point": 0, "filename": null, "id": "region_260", "name": "private_0x0000000003950000", "norm_filename": null, "region_type": "private_memory", "start_va": 60096512, "timestamp": "00:00:35.308", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000261-addr_0x0000000003990000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_562", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 60358656, "type": "region", "version": 1 }, "end_va": 61407231, "entry_point": 0, "filename": null, "id": "region_261", "name": "private_0x0000000003990000", "norm_filename": null, "region_type": "private_memory", "start_va": 60358656, "timestamp": "00:00:35.309", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000262-addr_0x0000000003a90000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_563", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 61407232, "type": "region", "version": 1 }, "end_va": 61669375, "entry_point": 0, "filename": null, "id": "region_262", "name": "private_0x0000000003a90000", "norm_filename": null, "region_type": "private_memory", "start_va": 61407232, "timestamp": "00:00:35.309", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000263-addr_0x0000000003ad0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_564", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 61669376, "type": "region", "version": 1 }, "end_va": 62717951, "entry_point": 0, "filename": null, "id": "region_263", "name": "private_0x0000000003ad0000", "norm_filename": null, "region_type": "private_memory", "start_va": 61669376, "timestamp": "00:00:35.309", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000264-addr_0x0000000003bd0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_565", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 62717952, "type": "region", "version": 1 }, "end_va": 62980095, "entry_point": 0, "filename": null, "id": "region_264", "name": "private_0x0000000003bd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 62717952, "timestamp": "00:00:35.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000265-addr_0x0000000003c10000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_566", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 62980096, "type": "region", "version": 1 }, "end_va": 64028671, "entry_point": 0, "filename": null, "id": "region_265", "name": "private_0x0000000003c10000", "norm_filename": null, "region_type": "private_memory", "start_va": 62980096, "timestamp": "00:00:35.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000266-addr_0x0000000003d10000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_567", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 64028672, "type": "region", "version": 1 }, "end_va": 64290815, "entry_point": 0, "filename": null, "id": "region_266", "name": "private_0x0000000003d10000", "norm_filename": null, "region_type": "private_memory", "start_va": 64028672, "timestamp": "00:00:35.310", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000267-addr_0x0000000003d50000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_568", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 64290816, "type": "region", "version": 1 }, "end_va": 65339391, "entry_point": 0, "filename": null, "id": "region_267", "name": "private_0x0000000003d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 64290816, "timestamp": "00:00:35.311", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000268-addr_0x0000000003e50000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_569", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 65339392, "type": "region", "version": 1 }, "end_va": 65601535, "entry_point": 0, "filename": null, "id": "region_268", "name": "private_0x0000000003e50000", "norm_filename": null, "region_type": "private_memory", "start_va": 65339392, "timestamp": "00:00:35.311", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000269-addr_0x0000000003e90000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_570", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 65601536, "type": "region", "version": 1 }, "end_va": 66650111, "entry_point": 0, "filename": null, "id": "region_269", "name": "private_0x0000000003e90000", "norm_filename": null, "region_type": "private_memory", "start_va": 65601536, "timestamp": "00:00:35.311", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000270-addr_0x0000000003f90000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_571", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 66650112, "type": "region", "version": 1 }, "end_va": 66912255, "entry_point": 0, "filename": null, "id": "region_270", "name": "private_0x0000000003f90000", "norm_filename": null, "region_type": "private_memory", "start_va": 66650112, "timestamp": "00:00:35.312", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000271-addr_0x0000000003fd0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_572", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 66912256, "type": "region", "version": 1 }, "end_va": 67960831, "entry_point": 0, "filename": null, "id": "region_271", "name": "private_0x0000000003fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66912256, "timestamp": "00:00:35.312", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000272-addr_0x00000000040d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_573", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 67960832, "type": "region", "version": 1 }, "end_va": 68222975, "entry_point": 0, "filename": null, "id": "region_272", "name": "private_0x00000000040d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 67960832, "timestamp": "00:00:35.312", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000273-addr_0x0000000004110000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_574", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 68222976, "type": "region", "version": 1 }, "end_va": 69271551, "entry_point": 0, "filename": null, "id": "region_273", "name": "private_0x0000000004110000", "norm_filename": null, "region_type": "private_memory", "start_va": 68222976, "timestamp": "00:00:35.313", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000274-addr_0x0000000004210000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_575", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 69271552, "type": "region", "version": 1 }, "end_va": 69533695, "entry_point": 0, "filename": null, "id": "region_274", "name": "private_0x0000000004210000", "norm_filename": null, "region_type": "private_memory", "start_va": 69271552, "timestamp": "00:00:35.313", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000275-addr_0x0000000004250000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_576", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 69533696, "type": "region", "version": 1 }, "end_va": 70582271, "entry_point": 0, "filename": null, "id": "region_275", "name": "private_0x0000000004250000", "norm_filename": null, "region_type": "private_memory", "start_va": 69533696, "timestamp": "00:00:35.313", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000276-addr_0x0000000004350000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_577", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 70582272, "type": "region", "version": 1 }, "end_va": 70844415, "entry_point": 0, "filename": null, "id": "region_276", "name": "private_0x0000000004350000", "norm_filename": null, "region_type": "private_memory", "start_va": 70582272, "timestamp": "00:00:35.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000277-addr_0x0000000004390000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_578", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 70844416, "type": "region", "version": 1 }, "end_va": 71892991, "entry_point": 0, "filename": null, "id": "region_277", "name": "private_0x0000000004390000", "norm_filename": null, "region_type": "private_memory", "start_va": 70844416, "timestamp": "00:00:35.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000278-addr_0x0000000004490000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_579", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 71892992, "type": "region", "version": 1 }, "end_va": 72155135, "entry_point": 0, "filename": null, "id": "region_278", "name": "private_0x0000000004490000", "norm_filename": null, "region_type": "private_memory", "start_va": 71892992, "timestamp": "00:00:35.314", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000279-addr_0x00000000044d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_580", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 72155136, "type": "region", "version": 1 }, "end_va": 73203711, "entry_point": 0, "filename": null, "id": "region_279", "name": "private_0x00000000044d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72155136, "timestamp": "00:00:35.315", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000280-addr_0x00000000045d0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_581", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 73203712, "type": "region", "version": 1 }, "end_va": 73465855, "entry_point": 0, "filename": null, "id": "region_280", "name": "private_0x00000000045d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73203712, "timestamp": "00:00:35.315", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000281-addr_0x0000000004610000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_582", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 73465856, "type": "region", "version": 1 }, "end_va": 74514431, "entry_point": 0, "filename": null, "id": "region_281", "name": "private_0x0000000004610000", "norm_filename": null, "region_type": "private_memory", "start_va": 73465856, "timestamp": "00:00:35.315", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000282-addr_0x0000000004710000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_583", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 74514432, "type": "region", "version": 1 }, "end_va": 74776575, "entry_point": 0, "filename": null, "id": "region_282", "name": "private_0x0000000004710000", "norm_filename": null, "region_type": "private_memory", "start_va": 74514432, "timestamp": "00:00:35.316", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000283-addr_0x0000000004750000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_584", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 74776576, "type": "region", "version": 1 }, "end_va": 75825151, "entry_point": 0, "filename": null, "id": "region_283", "name": "private_0x0000000004750000", "norm_filename": null, "region_type": "private_memory", "start_va": 74776576, "timestamp": "00:00:35.316", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000284-addr_0x0000000004850000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_585", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 75825152, "type": "region", "version": 1 }, "end_va": 76087295, "entry_point": 0, "filename": null, "id": "region_284", "name": "private_0x0000000004850000", "norm_filename": null, "region_type": "private_memory", "start_va": 75825152, "timestamp": "00:00:35.316", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000285-addr_0x0000000004890000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_586", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 76087296, "type": "region", "version": 1 }, "end_va": 77135871, "entry_point": 0, "filename": null, "id": "region_285", "name": "private_0x0000000004890000", "norm_filename": null, "region_type": "private_memory", "start_va": 76087296, "timestamp": "00:00:35.317", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000286-addr_0x0000000004990000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_587", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 77135872, "type": "region", "version": 1 }, "end_va": 77398015, "entry_point": 0, "filename": null, "id": "region_286", "name": "private_0x0000000004990000", "norm_filename": null, "region_type": "private_memory", "start_va": 77135872, "timestamp": "00:00:35.317", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000287-addr_0x00000000049d0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_588", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 77398016, "type": "region", "version": 1 }, "end_va": 78446591, "entry_point": 0, "filename": null, "id": "region_287", "name": "private_0x00000000049d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77398016, "timestamp": "00:00:35.317", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000288-addr_0x000000007fe50000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_589", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145714176, "type": "region", "version": 1 }, "end_va": 2145726463, "entry_point": 0, "filename": null, "id": "region_288", "name": "private_0x000000007fe50000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145714176, "timestamp": "00:00:35.318", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000289-addr_0x000000007fe53000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_590", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145726464, "type": "region", "version": 1 }, "end_va": 2145738751, "entry_point": 0, "filename": null, "id": "region_289", "name": "private_0x000000007fe53000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145726464, "timestamp": "00:00:35.318", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000290-addr_0x000000007fe56000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_591", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145738752, "type": "region", "version": 1 }, "end_va": 2145751039, "entry_point": 0, "filename": null, "id": "region_290", "name": "private_0x000000007fe56000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145738752, "timestamp": "00:00:35.318", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000291-addr_0x000000007fe59000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_592", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145751040, "type": "region", "version": 1 }, "end_va": 2145763327, "entry_point": 0, "filename": null, "id": "region_291", "name": "private_0x000000007fe59000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145751040, "timestamp": "00:00:35.319", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000292-addr_0x000000007fe5c000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_593", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145763328, "type": "region", "version": 1 }, "end_va": 2145775615, "entry_point": 0, "filename": null, "id": "region_292", "name": "private_0x000000007fe5c000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145763328, "timestamp": "00:00:35.319", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000293-addr_0x000000007fe5f000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_594", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145775616, "type": "region", "version": 1 }, "end_va": 2145787903, "entry_point": 0, "filename": null, "id": "region_293", "name": "private_0x000000007fe5f000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145775616, "timestamp": "00:00:35.319", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000294-addr_0x000000007fe62000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_595", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145787904, "type": "region", "version": 1 }, "end_va": 2145800191, "entry_point": 0, "filename": null, "id": "region_294", "name": "private_0x000000007fe62000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145787904, "timestamp": "00:00:35.320", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000295-addr_0x000000007fe65000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_596", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145800192, "type": "region", "version": 1 }, "end_va": 2145812479, "entry_point": 0, "filename": null, "id": "region_295", "name": "private_0x000000007fe65000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145800192, "timestamp": "00:00:35.320", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000296-addr_0x000000007fe68000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_597", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145812480, "type": "region", "version": 1 }, "end_va": 2145824767, "entry_point": 0, "filename": null, "id": "region_296", "name": "private_0x000000007fe68000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145812480, "timestamp": "00:00:35.320", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000297-addr_0x000000007fe6b000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_598", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145824768, "type": "region", "version": 1 }, "end_va": 2145837055, "entry_point": 0, "filename": null, "id": "region_297", "name": "private_0x000000007fe6b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145824768, "timestamp": "00:00:35.321", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000298-addr_0x000000007fe6e000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_599", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145837056, "type": "region", "version": 1 }, "end_va": 2145849343, "entry_point": 0, "filename": null, "id": "region_298", "name": "private_0x000000007fe6e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145837056, "timestamp": "00:00:35.321", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000299-addr_0x000000007fe71000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_600", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145849344, "type": "region", "version": 1 }, "end_va": 2145861631, "entry_point": 0, "filename": null, "id": "region_299", "name": "private_0x000000007fe71000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145849344, "timestamp": "00:00:35.321", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000300-addr_0x000000007fe74000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_601", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145861632, "type": "region", "version": 1 }, "end_va": 2145873919, "entry_point": 0, "filename": null, "id": "region_300", "name": "private_0x000000007fe74000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145861632, "timestamp": "00:00:35.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000301-addr_0x000000007fe77000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_602", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145873920, "type": "region", "version": 1 }, "end_va": 2145886207, "entry_point": 0, "filename": null, "id": "region_301", "name": "private_0x000000007fe77000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145873920, "timestamp": "00:00:35.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000302-addr_0x000000007fe7a000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_603", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145886208, "type": "region", "version": 1 }, "end_va": 2145898495, "entry_point": 0, "filename": null, "id": "region_302", "name": "private_0x000000007fe7a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145886208, "timestamp": "00:00:35.322", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000303-addr_0x000000007fe7d000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_604", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145898496, "type": "region", "version": 1 }, "end_va": 2145910783, "entry_point": 0, "filename": null, "id": "region_303", "name": "private_0x000000007fe7d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145898496, "timestamp": "00:00:35.323", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000304-addr_0x000000007fe80000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_605", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145910784, "type": "region", "version": 1 }, "end_va": 2145923071, "entry_point": 0, "filename": null, "id": "region_304", "name": "private_0x000000007fe80000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145910784, "timestamp": "00:00:35.323", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000305-addr_0x000000007fe83000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_606", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145923072, "type": "region", "version": 1 }, "end_va": 2145935359, "entry_point": 0, "filename": null, "id": "region_305", "name": "private_0x000000007fe83000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145923072, "timestamp": "00:00:35.323", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000306-addr_0x000000007fe86000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_607", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145935360, "type": "region", "version": 1 }, "end_va": 2145947647, "entry_point": 0, "filename": null, "id": "region_306", "name": "private_0x000000007fe86000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145935360, "timestamp": "00:00:35.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000307-addr_0x000000007fe89000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_608", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145947648, "type": "region", "version": 1 }, "end_va": 2145959935, "entry_point": 0, "filename": null, "id": "region_307", "name": "private_0x000000007fe89000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145947648, "timestamp": "00:00:35.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000308-addr_0x000000007fe8c000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_609", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145959936, "type": "region", "version": 1 }, "end_va": 2145972223, "entry_point": 0, "filename": null, "id": "region_308", "name": "private_0x000000007fe8c000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145959936, "timestamp": "00:00:35.324", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000309-addr_0x000000007fe8f000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_610", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145972224, "type": "region", "version": 1 }, "end_va": 2145984511, "entry_point": 0, "filename": null, "id": "region_309", "name": "private_0x000000007fe8f000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145972224, "timestamp": "00:00:35.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000310-addr_0x000000007fe92000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_611", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145984512, "type": "region", "version": 1 }, "end_va": 2145996799, "entry_point": 0, "filename": null, "id": "region_310", "name": "private_0x000000007fe92000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145984512, "timestamp": "00:00:35.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000311-addr_0x000000007fe95000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_612", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2145996800, "type": "region", "version": 1 }, "end_va": 2146009087, "entry_point": 0, "filename": null, "id": "region_311", "name": "private_0x000000007fe95000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145996800, "timestamp": "00:00:35.325", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000312-addr_0x000000007fe98000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_613", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146009088, "type": "region", "version": 1 }, "end_va": 2146021375, "entry_point": 0, "filename": null, "id": "region_312", "name": "private_0x000000007fe98000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146009088, "timestamp": "00:00:35.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000313-addr_0x000000007fe9b000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_614", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146021376, "type": "region", "version": 1 }, "end_va": 2146033663, "entry_point": 0, "filename": null, "id": "region_313", "name": "private_0x000000007fe9b000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146021376, "timestamp": "00:00:35.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000314-addr_0x000000007fe9e000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_615", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146033664, "type": "region", "version": 1 }, "end_va": 2146045951, "entry_point": 0, "filename": null, "id": "region_314", "name": "private_0x000000007fe9e000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146033664, "timestamp": "00:00:35.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000315-addr_0x000000007fea1000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_616", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146045952, "type": "region", "version": 1 }, "end_va": 2146058239, "entry_point": 0, "filename": null, "id": "region_315", "name": "private_0x000000007fea1000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146045952, "timestamp": "00:00:35.326", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000316-addr_0x000000007fea4000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_617", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146058240, "type": "region", "version": 1 }, "end_va": 2146070527, "entry_point": 0, "filename": null, "id": "region_316", "name": "private_0x000000007fea4000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146058240, "timestamp": "00:00:35.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000317-addr_0x000000007fea7000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_618", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146070528, "type": "region", "version": 1 }, "end_va": 2146082815, "entry_point": 0, "filename": null, "id": "region_317", "name": "private_0x000000007fea7000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146070528, "timestamp": "00:00:35.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000318-addr_0x000000007feaa000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_619", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146082816, "type": "region", "version": 1 }, "end_va": 2146095103, "entry_point": 0, "filename": null, "id": "region_318", "name": "private_0x000000007feaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146082816, "timestamp": "00:00:35.327", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000322-addr_0x0000000000510000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_620", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5312511, "entry_point": 0, "filename": null, "id": "region_322", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:00:35.557", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000324-addr_0x0000000000510000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_621", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5312511, "entry_point": 0, "filename": null, "id": "region_324", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:00:35.564", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000325-addr_0x0000000000430000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_622", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4456447, "entry_point": 0, "filename": null, "id": "region_325", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:39.886", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000327-addr_0x0000000000430000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_623", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4481023, "entry_point": 0, "filename": null, "id": "region_327", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:39.889", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000329-addr_0x0000000000430000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_624", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4395007, "entry_point": 0, "filename": null, "id": "region_329", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:39.892", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000388-addr_0x0000000000430000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_625", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 4395007, "entry_point": 0, "filename": null, "id": "region_388", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:00:39.923", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000389-addr_0x0000000000440000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_626", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4460543, "entry_point": 0, "filename": null, "id": "region_389", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:00:39.924", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000396-addr_0x0000000000510000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_627", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 5308416, "type": "region", "version": 1 }, "end_va": 5312511, "entry_point": 0, "filename": null, "id": "region_396", "name": "private_0x0000000000510000", "norm_filename": null, "region_type": "private_memory", "start_va": 5308416, "timestamp": "00:00:40.696", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000397-addr_0x0000000000950000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_628", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 9830399, "entry_point": 0, "filename": null, "id": "region_397", "name": "private_0x0000000000950000", "norm_filename": null, "region_type": "private_memory", "start_va": 9764864, "timestamp": "00:00:40.696", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000398-addr_0x0000000000950000-size_0x0000000000016000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_629", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 90112, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 9854975, "entry_point": 0, "filename": null, "id": "region_398", "name": "private_0x0000000000950000", "norm_filename": null, "region_type": "private_memory", "start_va": 9764864, "timestamp": "00:00:40.697", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000470-addr_0x00000000009a0000-size_0x0000000000003000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_630", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 10104831, "entry_point": 0, "filename": null, "id": "region_470", "name": "private_0x00000000009a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10092544, "timestamp": "00:00:42.097", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000474-addr_0x0000000001ec0000-size_0x0000000000003000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_631", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32255999, "entry_point": 0, "filename": null, "id": "region_474", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:00:42.219", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000484-addr_0x000000007feaa000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_632", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2146082816, "type": "region", "version": 1 }, "end_va": 2146095103, "entry_point": 0, "filename": null, "id": "region_484", "name": "private_0x000000007feaa000", "norm_filename": null, "region_type": "private_memory", "start_va": 2146082816, "timestamp": "00:00:42.397", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000492-addr_0x00000000026d0000-size_0x0000000000018000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_633", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 98304, "start_va": 40697856, "type": "region", "version": 1 }, "end_va": 40796159, "entry_point": 0, "filename": null, "id": "region_492", "name": "private_0x00000000026d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40697856, "timestamp": "00:00:42.871", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000493-addr_0x00000000009a0000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_634", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 10096639, "entry_point": 0, "filename": null, "id": "region_493", "name": "private_0x00000000009a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10092544, "timestamp": "00:00:42.871", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000494-addr_0x0000000001ec0000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_635", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32247807, "entry_point": 0, "filename": null, "id": "region_494", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:00:42.878", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000495-addr_0x0000000001ec0000-size_0x0000000000009000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_636", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 36864, "start_va": 32243712, "type": "region", "version": 1 }, "end_va": 32280575, "entry_point": 0, "filename": null, "id": "region_495", "name": "private_0x0000000001ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 32243712, "timestamp": "00:00:42.879", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000496-addr_0x00000000026f0000-size_0x0000000000002000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_637", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 40828928, "type": "region", "version": 1 }, "end_va": 40837119, "entry_point": 0, "filename": null, "id": "region_496", "name": "private_0x00000000026f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40828928, "timestamp": "00:00:42.880", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000497-addr_0x0000000002700000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_638", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 40898559, "entry_point": 0, "filename": null, "id": "region_497", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:00:42.902", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000498-addr_0x0000000002710000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_639", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 40964095, "entry_point": 0, "filename": null, "id": "region_498", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:00:42.903", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000635-addr_0x0000000002710000-size_0x0000000000004000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_684", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 40960000, "type": "region", "version": 1 }, "end_va": 40976383, "entry_point": 0, "filename": null, "id": "region_635", "name": "private_0x0000000002710000", "norm_filename": null, "region_type": "private_memory", "start_va": 40960000, "timestamp": "00:00:48.358", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000636-addr_0x0000000002720000-size_0x0000000000003000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_685", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 41025536, "type": "region", "version": 1 }, "end_va": 41037823, "entry_point": 0, "filename": null, "id": "region_636", "name": "private_0x0000000002720000", "norm_filename": null, "region_type": "private_memory", "start_va": 41025536, "timestamp": "00:00:48.359", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000637-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_686", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_637", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:48.359", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000639-addr_0x0000000002730000-size_0x0000000000003000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_687", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41103359, "entry_point": 0, "filename": null, "id": "region_639", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:48.361", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000640-addr_0x0000000002730000-size_0x0000000000002000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_688", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41099263, "entry_point": 0, "filename": null, "id": "region_640", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.462", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000641-addr_0x0000000002740000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_689", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41156608, "type": "region", "version": 1 }, "end_va": 41160703, "entry_point": 0, "filename": null, "id": "region_641", "name": "private_0x0000000002740000", "norm_filename": null, "region_type": "private_memory", "start_va": 41156608, "timestamp": "00:00:52.479", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000651-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_690", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_651", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.488", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000652-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_691", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_652", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.492", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000654-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_693", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_654", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.498", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000655-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_694", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_655", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.500", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000657-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_696", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_657", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.511", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000658-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_697", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_658", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.513", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000659-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_698", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_659", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.514", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000661-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_700", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_661", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.516", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000662-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_701", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_662", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.518", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000663-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_702", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_663", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.519", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000665-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_704", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_665", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.526", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000666-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_705", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_666", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.528", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000667-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_706", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_667", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.529", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000668-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_707", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_668", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.530", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000669-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_708", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_669", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.530", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000671-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_710", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_671", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.539", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000672-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_711", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_672", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.541", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000673-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_712", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_673", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.542", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000674-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_713", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_674", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.543", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000675-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_714", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_675", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.543", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000677-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_716", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_677", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.546", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000678-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_717", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_678", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.548", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000679-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_718", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_679", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.548", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000680-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_719", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_680", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.549", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000682-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_721", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_682", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.551", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000683-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_722", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_683", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.553", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000684-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_723", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_684", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.554", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000685-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_724", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_685", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.555", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000687-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_726", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_687", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.557", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000688-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_727", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_688", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.559", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000689-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_728", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_689", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.559", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000690-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_729", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_690", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.560", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000692-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_731", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_692", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.569", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000693-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_732", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_693", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.572", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000694-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_733", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_694", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.572", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000695-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_734", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_695", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.573", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000697-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_736", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_697", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.576", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000698-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_737", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_698", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.578", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000699-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_738", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_699", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.578", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000701-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_740", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_701", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.581", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000702-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_741", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_702", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.582", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000703-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_742", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_703", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.583", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000704-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_743", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_704", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.584", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000706-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_745", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_706", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.586", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000707-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_746", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_707", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.588", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000708-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_747", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_708", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.589", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000709-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_748", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_709", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.590", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000711-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_750", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_711", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.599", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000712-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_751", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_712", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000713-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_752", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_713", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.601", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000715-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_754", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_715", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.604", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000716-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_755", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_716", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.605", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000717-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_756", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_717", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.606", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000719-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_758", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_719", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.609", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000720-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_759", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_720", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.611", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000721-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_760", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_721", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.612", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000722-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_761", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_722", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.613", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000724-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_763", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_724", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.625", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000725-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_764", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_725", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.628", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000726-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_765", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_726", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.629", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000727-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_766", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_727", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.630", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000728-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_767", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_728", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000729-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_768", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_729", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.631", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000730-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_769", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_730", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.632", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000731-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_770", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_731", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.634", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000732-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_771", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_732", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.635", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000733-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_772", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_733", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.636", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000734-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_773", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_734", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.637", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000735-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_774", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_735", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.637", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000736-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_775", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_736", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.638", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000737-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_776", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_737", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.639", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000738-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_777", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_738", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.639", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000739-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_778", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_739", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.640", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000740-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_779", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_740", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.641", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000741-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_780", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_741", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.642", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000743-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_782", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_743", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.643", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000744-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_783", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_744", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.645", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000745-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_784", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_745", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.646", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000747-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_786", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_747", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.660", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000748-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_787", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_748", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.708", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000749-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_788", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_749", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.709", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000750-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_789", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_750", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.710", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000751-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_790", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_751", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.711", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000753-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_792", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_753", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.715", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000754-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_793", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_754", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.717", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000755-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_794", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_755", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.718", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000757-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_796", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_757", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.720", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000758-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_797", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_758", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.722", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000759-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_798", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_759", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.723", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000760-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_799", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_760", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.724", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000762-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_801", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_762", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.731", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000763-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_802", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_763", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.733", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000764-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_803", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_764", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.734", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000765-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_804", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_765", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.735", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000767-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_806", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_767", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.738", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000768-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_807", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_768", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.740", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000769-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_808", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_769", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.741", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000770-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_809", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_770", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.742", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000772-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_811", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_772", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.744", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000773-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_812", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_773", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.746", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000774-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_813", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_774", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.747", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000775-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_814", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_775", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.748", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000777-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_816", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_777", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.750", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000778-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_817", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_778", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.752", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000779-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_818", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_779", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.753", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000781-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_820", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_781", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.756", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000782-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_821", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_782", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.758", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000783-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_822", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_783", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.758", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000784-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_823", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_784", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.760", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000786-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_825", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_786", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.762", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000787-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_826", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_787", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.763", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000788-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_827", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_788", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.764", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000789-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_828", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_789", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.765", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000791-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_830", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_791", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.768", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000792-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_831", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_792", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.770", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000793-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_832", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_793", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.771", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000794-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_833", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_794", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.772", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000796-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_835", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_796", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.775", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000797-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_836", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_797", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.834", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000798-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_837", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_798", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.835", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000799-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_838", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_799", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.836", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000801-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_840", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_801", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.841", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000802-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_841", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_802", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.844", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000803-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_842", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_803", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.844", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000804-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_843", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_804", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.845", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000806-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_845", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_806", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.848", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000807-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_846", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_807", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.850", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000808-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_847", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_808", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.851", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000809-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_848", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_809", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.852", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000811-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_850", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_811", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.858", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000812-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_851", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_812", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.862", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000813-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_852", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_813", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.863", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000814-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_853", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_814", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.864", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000816-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_855", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_816", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.867", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000817-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_856", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_817", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.870", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000819-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_858", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_819", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.873", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000820-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_859", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_820", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.875", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000821-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_860", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_821", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.876", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000822-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_861", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_822", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.877", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000824-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_863", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_824", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.883", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000825-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_864", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_825", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.885", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000826-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_865", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_826", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.886", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000828-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_867", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_828", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.889", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000829-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_868", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_829", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.891", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000830-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_869", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_830", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.892", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000831-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_870", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_831", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.893", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000833-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_872", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_833", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.895", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000834-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_873", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_834", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.897", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000835-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_874", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_835", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.898", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000837-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_876", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_837", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.902", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000838-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_877", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_838", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.904", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000839-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_878", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_839", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.905", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000841-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_880", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_841", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.907", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000842-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_881", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_842", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.910", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000843-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_882", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_843", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.911", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000844-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_883", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_844", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.912", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000846-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_885", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_846", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.919", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000847-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_886", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_847", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.921", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000848-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_887", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_848", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.921", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000850-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_889", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_850", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.924", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000851-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_890", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_851", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.926", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000852-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_891", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_852", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.927", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000853-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_892", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_853", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.927", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000855-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_894", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_855", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.930", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000856-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_895", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_856", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.933", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000857-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_896", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_857", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.934", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000858-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_897", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_858", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.934", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000860-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_899", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_860", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.937", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000861-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_900", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_861", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.939", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000862-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_901", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_862", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.940", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000864-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_903", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_864", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.942", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000865-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_904", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_865", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.944", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000866-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_905", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_866", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.945", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000867-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_906", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_867", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.946", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000869-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_908", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_869", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.956", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000870-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_909", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_870", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.959", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000871-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_910", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_871", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.960", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000872-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_911", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_872", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.961", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000874-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_913", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_874", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.964", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000875-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_914", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_875", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.966", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000876-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_915", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_876", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.967", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000877-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_916", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_877", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.968", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000878-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_917", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_878", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.969", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000879-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_918", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_879", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.970", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000880-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_919", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_880", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.971", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000882-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_921", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_882", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.974", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000883-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_922", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_883", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.977", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000884-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_923", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_884", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.980", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000885-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_924", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_885", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.981", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000887-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_926", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_887", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.983", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000888-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_927", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_888", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.986", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000889-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_928", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_889", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.987", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000890-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_929", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_890", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.988", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000893-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_932", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_893", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.990", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000894-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_933", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_894", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.993", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000896-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_935", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_896", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:52.998", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000897-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_936", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_897", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.001", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000898-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_937", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_898", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.002", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000899-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_938", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_899", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.003", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000900-addr_0x0000000002860000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_939", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42340351, "entry_point": 0, "filename": null, "id": "region_900", "name": "private_0x0000000002860000", "norm_filename": null, "region_type": "private_memory", "start_va": 42336256, "timestamp": "00:00:53.005", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000901-addr_0x0000000002870000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_940", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42405887, "entry_point": 0, "filename": null, "id": "region_901", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:00:53.005", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000903-addr_0x0000000002870000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_942", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42405887, "entry_point": 0, "filename": null, "id": "region_903", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:00:53.007", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000904-addr_0x0000000002880000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_943", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42471423, "entry_point": 0, "filename": null, "id": "region_904", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:00:53.008", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000905-addr_0x0000000002890000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_944", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 42536959, "entry_point": 0, "filename": null, "id": "region_905", "name": "private_0x0000000002890000", "norm_filename": null, "region_type": "private_memory", "start_va": 42532864, "timestamp": "00:00:53.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000906-addr_0x00000000028a0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_945", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 43651071, "entry_point": 0, "filename": null, "id": "region_906", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:00:53.015", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000907-addr_0x00000000029b0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_946", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 43716607, "entry_point": 0, "filename": null, "id": "region_907", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:00:53.026", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000908-addr_0x00000000029c0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_947", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 43778048, "type": "region", "version": 1 }, "end_va": 43782143, "entry_point": 0, "filename": null, "id": "region_908", "name": "private_0x00000000029c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43778048, "timestamp": "00:00:53.027", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000909-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_948", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_909", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.036", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000910-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_949", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_910", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.037", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000912-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_951", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_912", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.039", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000914-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_953", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_914", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.043", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000917-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_956", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_917", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.048", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000919-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_958", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_919", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.052", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000920-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_959", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_920", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.055", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000924-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_963", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_924", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.064", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000925-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_964", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_925", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.066", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000926-addr_0x0000000002860000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_965", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42340351, "entry_point": 0, "filename": null, "id": "region_926", "name": "private_0x0000000002860000", "norm_filename": null, "region_type": "private_memory", "start_va": 42336256, "timestamp": "00:00:53.067", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000929-addr_0x0000000002870000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_968", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42405887, "entry_point": 0, "filename": null, "id": "region_929", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:00:53.070", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000930-addr_0x0000000002880000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_969", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42471423, "entry_point": 0, "filename": null, "id": "region_930", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:00:53.071", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000931-addr_0x0000000002890000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_970", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 42536959, "entry_point": 0, "filename": null, "id": "region_931", "name": "private_0x0000000002890000", "norm_filename": null, "region_type": "private_memory", "start_va": 42532864, "timestamp": "00:00:53.076", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000932-addr_0x00000000028a0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_971", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 43651071, "entry_point": 0, "filename": null, "id": "region_932", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:00:53.077", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000933-addr_0x00000000029b0000-size_0x000000000000e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_972", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 43712512, "type": "region", "version": 1 }, "end_va": 43769855, "entry_point": 0, "filename": null, "id": "region_933", "name": "private_0x00000000029b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43712512, "timestamp": "00:00:53.082", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000934-addr_0x00000000029c0000-size_0x000000000000e000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_973", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 57344, "start_va": 43778048, "type": "region", "version": 1 }, "end_va": 43835391, "entry_point": 0, "filename": null, "id": "region_934", "name": "private_0x00000000029c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 43778048, "timestamp": "00:00:53.083", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000935-addr_0x0000000002730000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_974", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 41091072, "type": "region", "version": 1 }, "end_va": 41095167, "entry_point": 0, "filename": null, "id": "region_935", "name": "private_0x0000000002730000", "norm_filename": null, "region_type": "private_memory", "start_va": 41091072, "timestamp": "00:00:53.093", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000936-addr_0x0000000002860000-size_0x0000000000001000-perm_rwx.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": { "ref_id": "proc_dump_975", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42336256, "type": "region", "version": 1 }, "end_va": 42340351, "entry_point": 0, "filename": null, "id": "region_936", "name": "private_0x0000000002860000", "norm_filename": null, "region_type": "private_memory", "start_va": 42336256, "timestamp": "00:00:53.094", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000939-addr_0x0000000002870000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_978", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42401792, "type": "region", "version": 1 }, "end_va": 42405887, "entry_point": 0, "filename": null, "id": "region_939", "name": "private_0x0000000002870000", "norm_filename": null, "region_type": "private_memory", "start_va": 42401792, "timestamp": "00:00:53.097", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000940-addr_0x0000000002880000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_979", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42467328, "type": "region", "version": 1 }, "end_va": 42471423, "entry_point": 0, "filename": null, "id": "region_940", "name": "private_0x0000000002880000", "norm_filename": null, "region_type": "private_memory", "start_va": 42467328, "timestamp": "00:00:53.097", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000941-addr_0x0000000002890000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_980", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 42532864, "type": "region", "version": 1 }, "end_va": 42536959, "entry_point": 0, "filename": null, "id": "region_941", "name": "private_0x0000000002890000", "norm_filename": null, "region_type": "private_memory", "start_va": 42532864, "timestamp": "00:00:53.102", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000001-region_00000942-addr_0x00000000028a0000-size_0x0000000000101000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_981", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1052672, "start_va": 42598400, "type": "region", "version": 1 }, "end_va": 43651071, "entry_point": 0, "filename": null, "id": "region_942", "name": "private_0x00000000028a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 42598400, "timestamp": "00:00:53.103", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "nslookup gandcrab.bit a.dnspod.com", "filename": "c:\\windows\\syswow64\\nslookup.exe", "id": "proc_2", "image_name": "nslookup.exe", "monitor_reason": "child_process", "monitored_id": 2, "origin_monitor_id": 1, "ref_parent_process": { "ref_id": "proc_1", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "process_00000002-region_00000499-addr_0x0000000000950000-size_0x0000000000020000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_640", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 131072, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 9895935, "entry_point": 0, "filename": null, "id": "region_499", "name": "private_0x0000000000950000", "norm_filename": null, "region_type": "private_memory", "start_va": 9764864, "timestamp": "00:00:42.918", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000500-addr_0x0000000000970000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_641", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 9904127, "entry_point": 0, "filename": null, "id": "region_500", "name": "private_0x0000000000970000", "norm_filename": null, "region_type": "private_memory", "start_va": 9895936, "timestamp": "00:00:42.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 9961472, "type": "region", "version": 1 }, "end_va": 10043391, "entry_point": 0, "filename": null, "id": "region_501", "name": "pagefile_0x0000000000980000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9961472, "timestamp": "00:00:42.919", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000502-addr_0x00000000009a0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_642", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 10092544, "type": "region", "version": 1 }, "end_va": 10354687, "entry_point": 0, "filename": null, "id": "region_502", "name": "private_0x00000000009a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10092544, "timestamp": "00:00:42.919", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000503-addr_0x00000000009e0000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_643", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 10354688, "type": "region", "version": 1 }, "end_va": 10616831, "entry_point": 0, "filename": null, "id": "region_503", "name": "private_0x00000000009e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 10354688, "timestamp": "00:00:42.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 10633215, "entry_point": 0, "filename": null, "id": "region_504", "name": "pagefile_0x0000000000a20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10616832, "timestamp": "00:00:42.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 10682368, "type": "region", "version": 1 }, "end_va": 10686463, "entry_point": 0, "filename": null, "id": "region_505", "name": "pagefile_0x0000000000a30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10682368, "timestamp": "00:00:42.919", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000506-addr_0x0000000000a40000-size_0x0000000000002000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_644", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 8192, "start_va": 10747904, "type": "region", "version": 1 }, "end_va": 10756095, "entry_point": 0, "filename": null, "id": "region_506", "name": "private_0x0000000000a40000", "norm_filename": null, "region_type": "private_memory", "start_va": 10747904, "timestamp": "00:00:42.919", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 20316160, "type": "region", "version": 1 }, "end_va": 20410367, "entry_point": 20316160, "filename": "\\Windows\\SysWOW64\\nslookup.exe", "id": "region_507", "name": "nslookup.exe", "norm_filename": "c:\\windows\\syswow64\\nslookup.exe", "region_type": "memory_mapped_file", "start_va": 20316160, "timestamp": "00:00:42.920", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 20447232, "type": "region", "version": 1 }, "end_va": 87556095, "entry_point": 0, "filename": null, "id": "region_508", "name": "pagefile_0x0000000001380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 20447232, "timestamp": "00:00:42.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 1998127104, "type": "region", "version": 1 }, "end_va": 1999671295, "entry_point": 1998127104, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_509", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 1998127104, "timestamp": "00:00:42.980", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2126118912, "type": "region", "version": 1 }, "end_va": 2126262271, "entry_point": 0, "filename": null, "id": "region_510", "name": "pagefile_0x000000007eba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2126118912, "timestamp": "00:00:42.980", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000511-addr_0x000000007ebc3000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_645", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2126262272, "type": "region", "version": 1 }, "end_va": 2126266367, "entry_point": 0, "filename": null, "id": "region_511", "name": "private_0x000000007ebc3000", "norm_filename": null, "region_type": "private_memory", "start_va": 2126262272, "timestamp": "00:00:42.980", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000512-addr_0x000000007ebcc000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_646", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2126299136, "type": "region", "version": 1 }, "end_va": 2126311423, "entry_point": 0, "filename": null, "id": "region_512", "name": "private_0x000000007ebcc000", "norm_filename": null, "region_type": "private_memory", "start_va": 2126299136, "timestamp": "00:00:42.980", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000513-addr_0x000000007ebcf000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_647", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 2126311424, "type": "region", "version": 1 }, "end_va": 2126315519, "entry_point": 0, "filename": null, "id": "region_513", "name": "private_0x000000007ebcf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2126311424, "timestamp": "00:00:42.980", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000514-addr_0x000000007ffe0000-size_0x0000000000010000-perm_r.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable" ], "ref_process_dump": { "ref_id": "proc_dump_648", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_514", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:00:42.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138515869466624, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138518016884735, "entry_point": 0, "filename": null, "id": "region_515", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:00:42.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138518016884736, "type": "region", "version": 1 }, "end_va": 140717040140287, "entry_point": 0, "filename": null, "id": "region_516", "name": "pagefile_0x00007dfb3d310000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138518016884736, "timestamp": "00:00:42.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140717040140288, "type": "region", "version": 1 }, "end_va": 140717041983487, "entry_point": 140717040140288, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_517", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140717040140288, "timestamp": "00:00:42.981", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20446306304, "start_va": 140717041983488, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_518", "name": "private_0x00007ffb3d4d2000", "norm_filename": null, "region_type": "private_memory", "start_va": 140717041983488, "timestamp": "00:00:42.981", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000519-addr_0x0000000000be0000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_649", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 12451840, "type": "region", "version": 1 }, "end_va": 12517375, "entry_point": 0, "filename": null, "id": "region_519", "name": "private_0x0000000000be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12451840, "timestamp": "00:00:42.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1553989632, "type": "region", "version": 1 }, "end_va": 1554460671, "entry_point": 1553989632, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_520", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1553989632, "timestamp": "00:00:42.992", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1554513920, "type": "region", "version": 1 }, "end_va": 1554837503, "entry_point": 1554513920, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_521", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1554513920, "timestamp": "00:00:42.992", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000522-addr_0x0000000000cc0000-size_0x0000000000100000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_650", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 1048576, "start_va": 13369344, "type": "region", "version": 1 }, "end_va": 14417919, "entry_point": 0, "filename": null, "id": "region_522", "name": "private_0x0000000000cc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 13369344, "timestamp": "00:00:43.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1553924096, "type": "region", "version": 1 }, "end_va": 1553956863, "entry_point": 1553924096, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_523", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1553924096, "timestamp": "00:00:43.004", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 9830399, "entry_point": 0, "filename": null, "id": "region_595", "name": "pagefile_0x0000000000950000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9764864, "timestamp": "00:00:45.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 10813440, "type": "region", "version": 1 }, "end_va": 11591679, "entry_point": 10813440, "filename": "\\Windows\\System32\\locale.nls", "id": "region_596", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 10813440, "timestamp": "00:00:45.492", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1978793984, "type": "region", "version": 1 }, "end_va": 1980325887, "entry_point": 1978793984, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_597", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1978793984, "timestamp": "00:00:45.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1992032256, "type": "region", "version": 1 }, "end_va": 1993015295, "entry_point": 1992032256, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_598", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1992032256, "timestamp": "00:00:45.493", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2125070336, "type": "region", "version": 1 }, "end_va": 2126118911, "entry_point": 0, "filename": null, "id": "region_599", "name": "pagefile_0x000000007eaa0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2125070336, "timestamp": "00:00:45.493", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000600-addr_0x0000000000960000-size_0x0000000000004000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_677", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 16384, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 9846783, "entry_point": 0, "filename": null, "id": "region_600", "name": "private_0x0000000000960000", "norm_filename": null, "region_type": "private_memory", "start_va": 9830400, "timestamp": "00:00:45.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000601-addr_0x0000000000b10000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_678", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 11599872, "type": "region", "version": 1 }, "end_va": 11862015, "entry_point": 0, "filename": null, "id": "region_601", "name": "private_0x0000000000b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 11599872, "timestamp": "00:00:45.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000602-addr_0x0000000000b50000-size_0x0000000000040000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_679", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 262144, "start_va": 11862016, "type": "region", "version": 1 }, "end_va": 12124159, "entry_point": 0, "filename": null, "id": "region_602", "name": "private_0x0000000000b50000", "norm_filename": null, "region_type": "private_memory", "start_va": 11862016, "timestamp": "00:00:45.508", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000603-addr_0x0000000000f60000-size_0x0000000000010000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_680", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 65536, "start_va": 16121856, "type": "region", "version": 1 }, "end_va": 16187391, "entry_point": 0, "filename": null, "id": "region_603", "name": "private_0x0000000000f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 16121856, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1930297344, "type": "region", "version": 1 }, "end_va": 1930838015, "entry_point": 1930297344, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_604", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1930297344, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1930887168, "type": "region", "version": 1 }, "end_va": 1931206655, "entry_point": 1930887168, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_605", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1930887168, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1948450816, "type": "region", "version": 1 }, "end_va": 1948815359, "entry_point": 1948450816, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_606", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1948450816, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1948844032, "type": "region", "version": 1 }, "end_va": 1948884991, "entry_point": 1948844032, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_607", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1948844032, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1948909568, "type": "region", "version": 1 }, "end_va": 1949032447, "entry_point": 1948909568, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_608", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1948909568, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 1974992896, "type": "region", "version": 1 }, "end_va": 1975771135, "entry_point": 1974992896, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_609", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 1974992896, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1978073088, "type": "region", "version": 1 }, "end_va": 1978777599, "entry_point": 1978073088, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_610", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1978073088, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1980366848, "type": "region", "version": 1 }, "end_va": 1980641279, "entry_point": 1980366848, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_611", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1980366848, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1984364544, "type": "region", "version": 1 }, "end_va": 1984741375, "entry_point": 1984364544, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_612", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1984364544, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1996750848, "type": "region", "version": 1 }, "end_va": 1996779519, "entry_point": 1996750848, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_613", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1996750848, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000614-addr_0x000000007ebc9000-size_0x0000000000003000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_681", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 12288, "start_va": 2126286848, "type": "region", "version": 1 }, "end_va": 2126299135, "entry_point": 0, "filename": null, "id": "region_614", "name": "private_0x000000007ebc9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2126286848, "timestamp": "00:00:45.509", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1929773056, "type": "region", "version": 1 }, "end_va": 1929846783, "entry_point": 1929773056, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_615", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1929773056, "timestamp": "00:00:45.520", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1929641984, "type": "region", "version": 1 }, "end_va": 1929732095, "entry_point": 1929641984, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_616", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1929641984, "timestamp": "00:00:45.569", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1929510912, "type": "region", "version": 1 }, "end_va": 1929588735, "entry_point": 1929510912, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_617", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1929510912, "timestamp": "00:00:45.615", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1952710655, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_618", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:00:45.674", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1989869568, "type": "region", "version": 1 }, "end_va": 1991233535, "entry_point": 1989869568, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_619", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1989869568, "timestamp": "00:00:45.676", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 12124160, "type": "region", "version": 1 }, "end_va": 12296191, "entry_point": 12124160, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_620", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 12124160, "timestamp": "00:00:45.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 14417920, "type": "region", "version": 1 }, "end_va": 16023551, "entry_point": 0, "filename": null, "id": "region_621", "name": "pagefile_0x0000000000dc0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 14417920, "timestamp": "00:00:45.679", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953869823, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_622", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:00:45.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1996947456, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996947456, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_623", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1996947456, "timestamp": "00:00:45.682", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 9895936, "type": "region", "version": 1 }, "end_va": 9916415, "entry_point": 9895936, "filename": "\\Windows\\SysWOW64\\en-US\\nslookup.exe.mui", "id": "region_624", "name": "nslookup.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\nslookup.exe.mui", "region_type": "memory_mapped_file", "start_va": 9895936, "timestamp": "00:00:45.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 16187392, "type": "region", "version": 1 }, "end_va": 17764351, "entry_point": 0, "filename": null, "id": "region_625", "name": "pagefile_0x0000000000f70000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 16187392, "timestamp": "00:00:45.691", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 87556096, "type": "region", "version": 1 }, "end_va": 108527615, "entry_point": 0, "filename": null, "id": "region_626", "name": "pagefile_0x0000000005380000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 87556096, "timestamp": "00:00:45.691", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000627-addr_0x0000000000b90000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_682", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 12124160, "type": "region", "version": 1 }, "end_va": 12128255, "entry_point": 0, "filename": null, "id": "region_627", "name": "private_0x0000000000b90000", "norm_filename": null, "region_type": "private_memory", "start_va": 12124160, "timestamp": "00:00:45.699", "type": "region", "version": 1 }, { "dump": { "filename": "process_00000002-region_00000628-addr_0x0000000000ba0000-size_0x0000000000001000-perm_rw.bin", "flags": [ "dumped" ], "info": "Region dumped", "permissions": [ "readable", "writable" ], "ref_process_dump": { "ref_id": "proc_dump_683", "ref_source": "summary", "ref_type": "process_dump", "type": "reference", "version": 1 }, "size": 4096, "start_va": 12189696, "type": "region", "version": 1 }, "end_va": 12193791, "entry_point": 0, "filename": null, "id": "region_628", "name": "private_0x0000000000ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 12189696, "timestamp": "00:00:45.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1929445376, "type": "region", "version": 1 }, "end_va": 1929490431, "entry_point": 1929445376, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_629", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1929445376, "timestamp": "00:00:45.700", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1930231808, "type": "region", "version": 1 }, "end_va": 1930264575, "entry_point": 1930231808, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_630", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1930231808, "timestamp": "00:00:45.727", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1932001280, "type": "region", "version": 1 }, "end_va": 1932197887, "entry_point": 1932001280, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_631", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1932001280, "timestamp": "00:00:45.729", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1931935744, "type": "region", "version": 1 }, "end_va": 1931968511, "entry_point": 1931935744, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_632", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1931935744, "timestamp": "00:00:45.730", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1929904128, "type": "region", "version": 1 }, "end_va": 1930190847, "entry_point": 1929904128, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_633", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1929904128, "timestamp": "00:00:45.733", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1933639680, "type": "region", "version": 1 }, "end_va": 1933750271, "entry_point": 1933639680, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_634", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1933639680, "timestamp": "00:00:45.734", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\tubcvd.exe\" ", "filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\tubcvd.exe", "id": "proc_4", "image_name": "tubcvd.exe", "monitor_reason": "autostart", "monitored_id": 4, "origin_monitor_id": 0, "ref_parent_process": null, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_2380", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:01:58.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_2381", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:58.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_2382", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:01:58.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_2383", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:01:58.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_2384", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:01:58.473", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4354047, "entry_point": 4194304, "filename": "\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\tubcvd.exe", "id": "region_2385", "name": "tubcvd.exe", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\tubcvd.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:01:58.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002620415, "entry_point": 2001076224, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2386", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:01:58.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_2387", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:01:58.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_2388", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:01:58.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_2389", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:01:58.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_2390", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:01:58.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2391", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:01:58.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140709276942336, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140711424360447, "entry_point": 0, "filename": null, "id": "region_2392", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:01:58.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2393", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:01:58.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26062086144, "start_va": 140711426203648, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_2394", "name": "private_0x00007ff9ee932000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711426203648, "timestamp": "00:01:58.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 0, "filename": null, "id": "region_2533", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:01:58.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_2534", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:01:58.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_2535", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:01:58.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 1966079, "entry_point": 0, "filename": null, "id": "region_2536", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:01:58.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942814720, "type": "region", "version": 1 }, "end_va": 1943138303, "entry_point": 1942814720, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2537", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942814720, "timestamp": "00:01:58.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1943207936, "type": "region", "version": 1 }, "end_va": 1943678975, "entry_point": 1943207936, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2538", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1943207936, "timestamp": "00:01:58.614", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943142400, "type": "region", "version": 1 }, "end_va": 1943175167, "entry_point": 1943142400, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2539", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943142400, "timestamp": "00:01:58.619", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_2540", "name": "private_0x0000000000290000", "norm_filename": null, "region_type": "private_memory", "start_va": 2686976, "timestamp": "00:01:58.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953652735, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2541", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:01:58.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1955004415, "entry_point": 1954021376, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2542", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:01:58.624", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_2543", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:01:58.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5169151, "entry_point": 4390912, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2544", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 4390912, "timestamp": "00:01:58.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1951338495, "entry_point": 1950744576, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_2545", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:01:58.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2146107392, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_2546", "name": "pagefile_0x000000007feb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2146107392, "timestamp": "00:01:58.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 147455, "entry_point": 0, "filename": null, "id": "region_2547", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_2548", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5177344, "type": "region", "version": 1 }, "end_va": 6225919, "entry_point": 0, "filename": null, "id": "region_2549", "name": "private_0x00000000004f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 5177344, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1950679040, "type": "region", "version": 1 }, "end_va": 1950703615, "entry_point": 1950679040, "filename": "\\Windows\\SysWOW64\\msimg32.dll", "id": "region_2550", "name": "msimg32.dll", "norm_filename": "c:\\windows\\syswow64\\msimg32.dll", "region_type": "memory_mapped_file", "start_va": 1950679040, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951764479, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_2551", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951834111, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2552", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1951981567, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2553", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953968127, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2554", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1959051263, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2555", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959833599, "entry_point": 1959329792, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_2556", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970982911, "entry_point": 1969618944, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2557", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2558", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2559", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_2560", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:01:58.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6225920, "type": "region", "version": 1 }, "end_va": 7831551, "entry_point": 0, "filename": null, "id": "region_2561", "name": "pagefile_0x00000000005f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6225920, "timestamp": "00:01:58.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 8978431, "entry_point": 0, "filename": null, "id": "region_2562", "name": "private_0x0000000000880000", "norm_filename": null, "region_type": "private_memory", "start_va": 8912896, "timestamp": "00:01:58.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1956511743, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2563", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:01:58.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1998696447, "entry_point": 1998520320, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2564", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:01:58.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_2565", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:01:58.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_2566", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:01:58.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_2567", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:01:58.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 8978432, "type": "region", "version": 1 }, "end_va": 10555391, "entry_point": 0, "filename": null, "id": "region_2568", "name": "pagefile_0x0000000000890000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8978432, "timestamp": "00:01:58.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 10616832, "type": "region", "version": 1 }, "end_va": 31588351, "entry_point": 0, "filename": null, "id": "region_2569", "name": "pagefile_0x0000000000a20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 10616832, "timestamp": "00:01:58.692", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2367487, "entry_point": 0, "filename": null, "id": "region_2570", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:02:00.415", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1976107008, "type": "region", "version": 1 }, "end_va": 1996812287, "entry_point": 1976107008, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_2571", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1976107008, "timestamp": "00:02:00.474", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1976094719, "entry_point": 1970995200, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_2572", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:02:00.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1958322175, "entry_point": 1956511744, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_2573", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:02:00.475", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1963982848, "type": "region", "version": 1 }, "end_va": 1964261375, "entry_point": 1963982848, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_2574", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963982848, "timestamp": "00:02:00.476", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1969602559, "entry_point": 1969553408, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_2575", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:02:00.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966002175, "entry_point": 1965424640, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_2576", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:02:00.477", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1961820160, "type": "region", "version": 1 }, "end_va": 1962098687, "entry_point": 1961820160, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_2577", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1961820160, "timestamp": "00:02:00.478", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1998782464, "type": "region", "version": 1 }, "end_va": 1998843903, "entry_point": 1998782464, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_2578", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1998782464, "timestamp": "00:02:00.479", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1527808, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1961381887, "entry_point": 1959854080, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_2579", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:02:00.485", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965023231, "entry_point": 1964965888, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_2580", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:02:00.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2244608, "start_va": 1948385280, "type": "region", "version": 1 }, "end_va": 1950629887, "entry_point": 1948385280, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_2581", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1948385280, "timestamp": "00:02:00.521", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1947598848, "type": "region", "version": 1 }, "end_va": 1948381183, "entry_point": 1947598848, "filename": "\\Windows\\SysWOW64\\msvcr100.dll", "id": "region_2582", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1947598848, "timestamp": "00:02:00.610", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 33423359, "entry_point": 0, "filename": null, "id": "region_2583", "name": "private_0x0000000001e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 31588352, "timestamp": "00:02:00.623", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_2584", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:02:01.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_2585", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:02:01.630", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_2586", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:02:01.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31588352, "type": "region", "version": 1 }, "end_va": 32636927, "entry_point": 0, "filename": null, "id": "region_2587", "name": "private_0x0000000001e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 31588352, "timestamp": "00:02:01.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 33357824, "type": "region", "version": 1 }, "end_va": 33423359, "entry_point": 0, "filename": null, "id": "region_2588", "name": "private_0x0000000001fd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 33357824, "timestamp": "00:02:01.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_2589", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:02:01.631", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1947074560, "type": "region", "version": 1 }, "end_va": 1947553791, "entry_point": 1947074560, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_2590", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1947074560, "timestamp": "00:02:01.633", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 983040, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 8847359, "entry_point": 0, "filename": null, "id": "region_2591", "name": "private_0x0000000000780000", "norm_filename": null, "region_type": "private_memory", "start_va": 7864320, "timestamp": "00:02:01.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_2592", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:02:01.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_2593", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:02:01.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 753664, "start_va": 7864320, "type": "region", "version": 1 }, "end_va": 8617983, "entry_point": 0, "filename": null, "id": "region_2594", "name": "pagefile_0x0000000000780000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 7864320, "timestamp": "00:02:01.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8781824, "type": "region", "version": 1 }, "end_va": 8847359, "entry_point": 0, "filename": null, "id": "region_2595", "name": "private_0x0000000000860000", "norm_filename": null, "region_type": "private_memory", "start_va": 8781824, "timestamp": "00:02:01.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2572287, "entry_point": 0, "filename": null, "id": "region_2596", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:02:01.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1946943488, "type": "region", "version": 1 }, "end_va": 1947062271, "entry_point": 1946943488, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_2597", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1946943488, "timestamp": "00:02:01.655", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2637823, "entry_point": 0, "filename": null, "id": "region_2598", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:02:01.667", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 24576, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3760127, "entry_point": 0, "filename": null, "id": "region_2599", "name": "pagefile_0x0000000000390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3735552, "timestamp": "00:02:01.681", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 3801088, "type": "region", "version": 1 }, "end_va": 3805183, "entry_point": 0, "filename": null, "id": "region_2600", "name": "pagefile_0x00000000003a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3801088, "timestamp": "00:02:01.686", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 32636928, "type": "region", "version": 1 }, "end_va": 33161215, "entry_point": 0, "filename": null, "id": "region_2601", "name": "private_0x0000000001f20000", "norm_filename": null, "region_type": "private_memory", "start_va": 32636928, "timestamp": "00:02:01.687", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 33423360, "type": "region", "version": 1 }, "end_va": 36794367, "entry_point": 33423360, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_2602", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 33423360, "timestamp": "00:02:01.688", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 3735552, "type": "region", "version": 1 }, "end_va": 3739647, "entry_point": 0, "filename": null, "id": "region_2603", "name": "private_0x0000000000390000", "norm_filename": null, "region_type": "private_memory", "start_va": 3735552, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 37879808, "type": "region", "version": 1 }, "end_va": 38141951, "entry_point": 0, "filename": null, "id": "region_2604", "name": "private_0x0000000002420000", "norm_filename": null, "region_type": "private_memory", "start_va": 37879808, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38141952, "type": "region", "version": 1 }, "end_va": 39190527, "entry_point": 0, "filename": null, "id": "region_2605", "name": "private_0x0000000002460000", "norm_filename": null, "region_type": "private_memory", "start_va": 38141952, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 39190528, "type": "region", "version": 1 }, "end_va": 39452671, "entry_point": 0, "filename": null, "id": "region_2606", "name": "private_0x0000000002560000", "norm_filename": null, "region_type": "private_memory", "start_va": 39190528, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39452672, "type": "region", "version": 1 }, "end_va": 40501247, "entry_point": 0, "filename": null, "id": "region_2607", "name": "private_0x00000000025a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 39452672, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 40501248, "type": "region", "version": 1 }, "end_va": 40763391, "entry_point": 0, "filename": null, "id": "region_2608", "name": "private_0x00000000026a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40501248, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40763392, "type": "region", "version": 1 }, "end_va": 41811967, "entry_point": 0, "filename": null, "id": "region_2609", "name": "private_0x00000000026e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 40763392, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41811968, "type": "region", "version": 1 }, "end_va": 42074111, "entry_point": 0, "filename": null, "id": "region_2610", "name": "private_0x00000000027e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 41811968, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42074112, "type": "region", "version": 1 }, "end_va": 43122687, "entry_point": 0, "filename": null, "id": "region_2611", "name": "private_0x0000000002820000", "norm_filename": null, "region_type": "private_memory", "start_va": 42074112, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43122688, "type": "region", "version": 1 }, "end_va": 43384831, "entry_point": 0, "filename": null, "id": "region_2612", "name": "private_0x0000000002920000", "norm_filename": null, "region_type": "private_memory", "start_va": 43122688, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43384832, "type": "region", "version": 1 }, "end_va": 44433407, "entry_point": 0, "filename": null, "id": "region_2613", "name": "private_0x0000000002960000", "norm_filename": null, "region_type": "private_memory", "start_va": 43384832, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44433408, "type": "region", "version": 1 }, "end_va": 44695551, "entry_point": 0, "filename": null, "id": "region_2614", "name": "private_0x0000000002a60000", "norm_filename": null, "region_type": "private_memory", "start_va": 44433408, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44695552, "type": "region", "version": 1 }, "end_va": 45744127, "entry_point": 0, "filename": null, "id": "region_2615", "name": "private_0x0000000002aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44695552, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45744128, "type": "region", "version": 1 }, "end_va": 46006271, "entry_point": 0, "filename": null, "id": "region_2616", "name": "private_0x0000000002ba0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45744128, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46006272, "type": "region", "version": 1 }, "end_va": 47054847, "entry_point": 0, "filename": null, "id": "region_2617", "name": "private_0x0000000002be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 46006272, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 47054848, "type": "region", "version": 1 }, "end_va": 47316991, "entry_point": 0, "filename": null, "id": "region_2618", "name": "private_0x0000000002ce0000", "norm_filename": null, "region_type": "private_memory", "start_va": 47054848, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47316992, "type": "region", "version": 1 }, "end_va": 48365567, "entry_point": 0, "filename": null, "id": "region_2619", "name": "private_0x0000000002d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 47316992, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 48365568, "type": "region", "version": 1 }, "end_va": 48627711, "entry_point": 0, "filename": null, "id": "region_2620", "name": "private_0x0000000002e20000", "norm_filename": null, "region_type": "private_memory", "start_va": 48365568, "timestamp": "00:02:01.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48627712, "type": "region", "version": 1 }, "end_va": 49676287, "entry_point": 0, "filename": null, "id": "region_2621", "name": "private_0x0000000002e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 48627712, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 49676288, "type": "region", "version": 1 }, "end_va": 49938431, "entry_point": 0, "filename": null, "id": "region_2622", "name": "private_0x0000000002f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 49676288, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 49938432, "type": "region", "version": 1 }, "end_va": 50987007, "entry_point": 0, "filename": null, "id": "region_2623", "name": "private_0x0000000002fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 49938432, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 50987008, "type": "region", "version": 1 }, "end_va": 51249151, "entry_point": 0, "filename": null, "id": "region_2624", "name": "private_0x00000000030a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50987008, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51249152, "type": "region", "version": 1 }, "end_va": 52297727, "entry_point": 0, "filename": null, "id": "region_2625", "name": "private_0x00000000030e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51249152, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 52297728, "type": "region", "version": 1 }, "end_va": 52559871, "entry_point": 0, "filename": null, "id": "region_2626", "name": "private_0x00000000031e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 52297728, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 52559872, "type": "region", "version": 1 }, "end_va": 53608447, "entry_point": 0, "filename": null, "id": "region_2627", "name": "private_0x0000000003220000", "norm_filename": null, "region_type": "private_memory", "start_va": 52559872, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 53608448, "type": "region", "version": 1 }, "end_va": 53870591, "entry_point": 0, "filename": null, "id": "region_2628", "name": "private_0x0000000003320000", "norm_filename": null, "region_type": "private_memory", "start_va": 53608448, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 53870592, "type": "region", "version": 1 }, "end_va": 54919167, "entry_point": 0, "filename": null, "id": "region_2629", "name": "private_0x0000000003360000", "norm_filename": null, "region_type": "private_memory", "start_va": 53870592, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 54919168, "type": "region", "version": 1 }, "end_va": 55181311, "entry_point": 0, "filename": null, "id": "region_2630", "name": "private_0x0000000003460000", "norm_filename": null, "region_type": "private_memory", "start_va": 54919168, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 55181312, "type": "region", "version": 1 }, "end_va": 56229887, "entry_point": 0, "filename": null, "id": "region_2631", "name": "private_0x00000000034a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55181312, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 56229888, "type": "region", "version": 1 }, "end_va": 56492031, "entry_point": 0, "filename": null, "id": "region_2632", "name": "private_0x00000000035a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56229888, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 56492032, "type": "region", "version": 1 }, "end_va": 57540607, "entry_point": 0, "filename": null, "id": "region_2633", "name": "private_0x00000000035e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56492032, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 57540608, "type": "region", "version": 1 }, "end_va": 57802751, "entry_point": 0, "filename": null, "id": "region_2634", "name": "private_0x00000000036e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 57540608, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 57802752, "type": "region", "version": 1 }, "end_va": 58851327, "entry_point": 0, "filename": null, "id": "region_2635", "name": "private_0x0000000003720000", "norm_filename": null, "region_type": "private_memory", "start_va": 57802752, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 58851328, "type": "region", "version": 1 }, "end_va": 59113471, "entry_point": 0, "filename": null, "id": "region_2636", "name": "private_0x0000000003820000", "norm_filename": null, "region_type": "private_memory", "start_va": 58851328, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 59113472, "type": "region", "version": 1 }, "end_va": 60162047, "entry_point": 0, "filename": null, "id": "region_2637", "name": "private_0x0000000003860000", "norm_filename": null, "region_type": "private_memory", "start_va": 59113472, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 60162048, "type": "region", "version": 1 }, "end_va": 60424191, "entry_point": 0, "filename": null, "id": "region_2638", "name": "private_0x0000000003960000", "norm_filename": null, "region_type": "private_memory", "start_va": 60162048, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 60424192, "type": "region", "version": 1 }, "end_va": 61472767, "entry_point": 0, "filename": null, "id": "region_2639", "name": "private_0x00000000039a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 60424192, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 61472768, "type": "region", "version": 1 }, "end_va": 61734911, "entry_point": 0, "filename": null, "id": "region_2640", "name": "private_0x0000000003aa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 61472768, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 61734912, "type": "region", "version": 1 }, "end_va": 62783487, "entry_point": 0, "filename": null, "id": "region_2641", "name": "private_0x0000000003ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 61734912, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 62783488, "type": "region", "version": 1 }, "end_va": 63045631, "entry_point": 0, "filename": null, "id": "region_2642", "name": "private_0x0000000003be0000", "norm_filename": null, "region_type": "private_memory", "start_va": 62783488, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 63045632, "type": "region", "version": 1 }, "end_va": 64094207, "entry_point": 0, "filename": null, "id": "region_2643", "name": "private_0x0000000003c20000", "norm_filename": null, "region_type": "private_memory", "start_va": 63045632, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 64094208, "type": "region", "version": 1 }, "end_va": 64356351, "entry_point": 0, "filename": null, "id": "region_2644", "name": "private_0x0000000003d20000", "norm_filename": null, "region_type": "private_memory", "start_va": 64094208, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 64356352, "type": "region", "version": 1 }, "end_va": 65404927, "entry_point": 0, "filename": null, "id": "region_2645", "name": "private_0x0000000003d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 64356352, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 65404928, "type": "region", "version": 1 }, "end_va": 65667071, "entry_point": 0, "filename": null, "id": "region_2646", "name": "private_0x0000000003e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 65404928, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 65667072, "type": "region", "version": 1 }, "end_va": 66715647, "entry_point": 0, "filename": null, "id": "region_2647", "name": "private_0x0000000003ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65667072, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 66715648, "type": "region", "version": 1 }, "end_va": 66977791, "entry_point": 0, "filename": null, "id": "region_2648", "name": "private_0x0000000003fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66715648, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 66977792, "type": "region", "version": 1 }, "end_va": 68026367, "entry_point": 0, "filename": null, "id": "region_2649", "name": "private_0x0000000003fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66977792, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 68026368, "type": "region", "version": 1 }, "end_va": 68288511, "entry_point": 0, "filename": null, "id": "region_2650", "name": "private_0x00000000040e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 68026368, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68288512, "type": "region", "version": 1 }, "end_va": 69337087, "entry_point": 0, "filename": null, "id": "region_2651", "name": "private_0x0000000004120000", "norm_filename": null, "region_type": "private_memory", "start_va": 68288512, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 69337088, "type": "region", "version": 1 }, "end_va": 69599231, "entry_point": 0, "filename": null, "id": "region_2652", "name": "private_0x0000000004220000", "norm_filename": null, "region_type": "private_memory", "start_va": 69337088, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 69599232, "type": "region", "version": 1 }, "end_va": 70647807, "entry_point": 0, "filename": null, "id": "region_2653", "name": "private_0x0000000004260000", "norm_filename": null, "region_type": "private_memory", "start_va": 69599232, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 70647808, "type": "region", "version": 1 }, "end_va": 70909951, "entry_point": 0, "filename": null, "id": "region_2654", "name": "private_0x0000000004360000", "norm_filename": null, "region_type": "private_memory", "start_va": 70647808, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 70909952, "type": "region", "version": 1 }, "end_va": 71958527, "entry_point": 0, "filename": null, "id": "region_2655", "name": "private_0x00000000043a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 70909952, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 71958528, "type": "region", "version": 1 }, "end_va": 72220671, "entry_point": 0, "filename": null, "id": "region_2656", "name": "private_0x00000000044a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 71958528, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 72220672, "type": "region", "version": 1 }, "end_va": 73269247, "entry_point": 0, "filename": null, "id": "region_2657", "name": "private_0x00000000044e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72220672, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 73269248, "type": "region", "version": 1 }, "end_va": 73531391, "entry_point": 0, "filename": null, "id": "region_2658", "name": "private_0x00000000045e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73269248, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 73531392, "type": "region", "version": 1 }, "end_va": 74579967, "entry_point": 0, "filename": null, "id": "region_2659", "name": "private_0x0000000004620000", "norm_filename": null, "region_type": "private_memory", "start_va": 73531392, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 74579968, "type": "region", "version": 1 }, "end_va": 74842111, "entry_point": 0, "filename": null, "id": "region_2660", "name": "private_0x0000000004720000", "norm_filename": null, "region_type": "private_memory", "start_va": 74579968, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 74842112, "type": "region", "version": 1 }, "end_va": 75890687, "entry_point": 0, "filename": null, "id": "region_2661", "name": "private_0x0000000004760000", "norm_filename": null, "region_type": "private_memory", "start_va": 74842112, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 75890688, "type": "region", "version": 1 }, "end_va": 76152831, "entry_point": 0, "filename": null, "id": "region_2662", "name": "private_0x0000000004860000", "norm_filename": null, "region_type": "private_memory", "start_va": 75890688, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 76152832, "type": "region", "version": 1 }, "end_va": 77201407, "entry_point": 0, "filename": null, "id": "region_2663", "name": "private_0x00000000048a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76152832, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 77201408, "type": "region", "version": 1 }, "end_va": 77463551, "entry_point": 0, "filename": null, "id": "region_2664", "name": "private_0x00000000049a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77201408, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 77463552, "type": "region", "version": 1 }, "end_va": 78512127, "entry_point": 0, "filename": null, "id": "region_2665", "name": "private_0x00000000049e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77463552, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2145714176, "type": "region", "version": 1 }, "end_va": 2145726463, "entry_point": 0, "filename": null, "id": "region_2666", "name": "private_0x000000007fe50000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145714176, "timestamp": "00:02:01.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2145726464, "type": "region", "version": 1 }, "end_va": 2145738751, "entry_point": 0, "filename": null, "id": "region_2667", "name": "private_0x000000007fe53000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145726464, "timestamp": "00:02:01.785", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "nslookup gandcrab.bit a.dnspod.com", "filename": "c:\\windows\\syswow64\\nslookup.exe", "id": "proc_5", "image_name": "nslookup.exe", "monitor_reason": "child_process", "monitored_id": 5, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3305471, "entry_point": 3211264, "filename": "\\Windows\\SysWOW64\\nslookup.exe", "id": "region_2828", "name": "nslookup.exe", "norm_filename": "c:\\windows\\syswow64\\nslookup.exe", "region_type": "memory_mapped_file", "start_va": 3211264, "timestamp": "00:02:08.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 8323072, "type": "region", "version": 1 }, "end_va": 75431935, "entry_point": 0, "filename": null, "id": "region_2829", "name": "pagefile_0x00000000007f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8323072, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 75431936, "type": "region", "version": 1 }, "end_va": 75563007, "entry_point": 0, "filename": null, "id": "region_2830", "name": "private_0x00000000047f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 75431936, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 75563008, "type": "region", "version": 1 }, "end_va": 75571199, "entry_point": 0, "filename": null, "id": "region_2831", "name": "private_0x0000000004810000", "norm_filename": null, "region_type": "private_memory", "start_va": 75563008, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 75628544, "type": "region", "version": 1 }, "end_va": 75710463, "entry_point": 0, "filename": null, "id": "region_2832", "name": "pagefile_0x0000000004820000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 75628544, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 75759616, "type": "region", "version": 1 }, "end_va": 76021759, "entry_point": 0, "filename": null, "id": "region_2833", "name": "private_0x0000000004840000", "norm_filename": null, "region_type": "private_memory", "start_va": 75759616, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 76021760, "type": "region", "version": 1 }, "end_va": 76283903, "entry_point": 0, "filename": null, "id": "region_2834", "name": "private_0x0000000004880000", "norm_filename": null, "region_type": "private_memory", "start_va": 76021760, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 76283904, "type": "region", "version": 1 }, "end_va": 76300287, "entry_point": 0, "filename": null, "id": "region_2835", "name": "pagefile_0x00000000048c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76283904, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 76349440, "type": "region", "version": 1 }, "end_va": 76353535, "entry_point": 0, "filename": null, "id": "region_2836", "name": "pagefile_0x00000000048d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 76349440, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 76414976, "type": "region", "version": 1 }, "end_va": 76423167, "entry_point": 0, "filename": null, "id": "region_2837", "name": "private_0x00000000048e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76414976, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002620415, "entry_point": 2001076224, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_2838", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130968576, "type": "region", "version": 1 }, "end_va": 2131111935, "entry_point": 0, "filename": null, "id": "region_2839", "name": "pagefile_0x000000007f040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130968576, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2131116032, "type": "region", "version": 1 }, "end_va": 2131120127, "entry_point": 0, "filename": null, "id": "region_2840", "name": "private_0x000000007f064000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131116032, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2131148800, "type": "region", "version": 1 }, "end_va": 2131161087, "entry_point": 0, "filename": null, "id": "region_2841", "name": "private_0x000000007f06c000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131148800, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2131161088, "type": "region", "version": 1 }, "end_va": 2131165183, "entry_point": 0, "filename": null, "id": "region_2842", "name": "private_0x000000007f06f000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131161088, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_2843", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138510253686784, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138512401104895, "entry_point": 0, "filename": null, "id": "region_2844", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138512401104896, "type": "region", "version": 1 }, "end_va": 140711424360447, "entry_point": 0, "filename": null, "id": "region_2845", "name": "pagefile_0x00007df9ee770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138512401104896, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_2846", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26062086144, "start_va": 140711426203648, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_2847", "name": "private_0x00007ff9ee932000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711426203648, "timestamp": "00:02:08.387", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 77070336, "type": "region", "version": 1 }, "end_va": 77135871, "entry_point": 0, "filename": null, "id": "region_2848", "name": "private_0x0000000004980000", "norm_filename": null, "region_type": "private_memory", "start_va": 77070336, "timestamp": "00:02:08.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942814720, "type": "region", "version": 1 }, "end_va": 1943138303, "entry_point": 1942814720, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_2849", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942814720, "timestamp": "00:02:08.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1943207936, "type": "region", "version": 1 }, "end_va": 1943678975, "entry_point": 1943207936, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_2850", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1943207936, "timestamp": "00:02:08.395", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 78708736, "type": "region", "version": 1 }, "end_va": 79757311, "entry_point": 0, "filename": null, "id": "region_2851", "name": "private_0x0000000004b10000", "norm_filename": null, "region_type": "private_memory", "start_va": 78708736, "timestamp": "00:02:08.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943142400, "type": "region", "version": 1 }, "end_va": 1943175167, "entry_point": 1943142400, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_2852", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943142400, "timestamp": "00:02:08.403", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 75431936, "type": "region", "version": 1 }, "end_va": 75497471, "entry_point": 0, "filename": null, "id": "region_2853", "name": "pagefile_0x00000000047f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 75431936, "timestamp": "00:02:08.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 77135872, "type": "region", "version": 1 }, "end_va": 77914111, "entry_point": 77135872, "filename": "\\Windows\\System32\\locale.nls", "id": "region_2854", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 77135872, "timestamp": "00:02:08.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953652735, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_2855", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:02:08.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1955004415, "entry_point": 1954021376, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_2856", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:02:08.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2129920000, "type": "region", "version": 1 }, "end_va": 2130968575, "entry_point": 0, "filename": null, "id": "region_2857", "name": "pagefile_0x000000007ef40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2129920000, "timestamp": "00:02:08.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 75497472, "type": "region", "version": 1 }, "end_va": 75513855, "entry_point": 0, "filename": null, "id": "region_2928", "name": "private_0x0000000004800000", "norm_filename": null, "region_type": "private_memory", "start_va": 75497472, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 76480512, "type": "region", "version": 1 }, "end_va": 76742655, "entry_point": 0, "filename": null, "id": "region_2929", "name": "private_0x00000000048f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76480512, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 76742656, "type": "region", "version": 1 }, "end_va": 77004799, "entry_point": 0, "filename": null, "id": "region_2930", "name": "private_0x0000000004930000", "norm_filename": null, "region_type": "private_memory", "start_va": 76742656, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 81395712, "type": "region", "version": 1 }, "end_va": 81461247, "entry_point": 0, "filename": null, "id": "region_2931", "name": "private_0x0000000004da0000", "norm_filename": null, "region_type": "private_memory", "start_va": 81395712, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944797183, "entry_point": 1944256512, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_2932", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1944846336, "type": "region", "version": 1 }, "end_va": 1945165823, "entry_point": 1944846336, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_2933", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1944846336, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951764479, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_2934", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951834111, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_2935", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1951981567, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_2936", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953968127, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_2937", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1959051263, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_2938", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1962176511, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_2939", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968553983, "entry_point": 1968177152, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_2940", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_2941", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2131136512, "type": "region", "version": 1 }, "end_va": 2131148799, "entry_point": 0, "filename": null, "id": "region_2942", "name": "private_0x000000007f069000", "norm_filename": null, "region_type": "private_memory", "start_va": 2131136512, "timestamp": "00:02:08.621", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1943732224, "type": "region", "version": 1 }, "end_va": 1943805951, "entry_point": 1943732224, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_2943", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1943732224, "timestamp": "00:02:08.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1936130048, "type": "region", "version": 1 }, "end_va": 1936220159, "entry_point": 1936130048, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_2944", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1936130048, "timestamp": "00:02:08.641", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1935998976, "type": "region", "version": 1 }, "end_va": 1936076799, "entry_point": 1935998976, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_2945", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1935998976, "timestamp": "00:02:08.646", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_2946", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:02:08.647", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970982911, "entry_point": 1969618944, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_2947", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:02:08.648", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 77922304, "type": "region", "version": 1 }, "end_va": 78094335, "entry_point": 77922304, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2948", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 77922304, "timestamp": "00:02:08.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 79757312, "type": "region", "version": 1 }, "end_va": 81362943, "entry_point": 0, "filename": null, "id": "region_2949", "name": "pagefile_0x0000000004c10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 79757312, "timestamp": "00:02:08.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1998696447, "entry_point": 1998520320, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_2950", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:02:08.651", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1956511743, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_2951", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:02:08.652", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 75563008, "type": "region", "version": 1 }, "end_va": 75583487, "entry_point": 75563008, "filename": "\\Windows\\SysWOW64\\en-US\\nslookup.exe.mui", "id": "region_2952", "name": "nslookup.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\nslookup.exe.mui", "region_type": "memory_mapped_file", "start_va": 75563008, "timestamp": "00:02:08.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 81461248, "type": "region", "version": 1 }, "end_va": 83038207, "entry_point": 0, "filename": null, "id": "region_2953", "name": "pagefile_0x0000000004db0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81461248, "timestamp": "00:02:08.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 83099648, "type": "region", "version": 1 }, "end_va": 104071167, "entry_point": 0, "filename": null, "id": "region_2954", "name": "pagefile_0x0000000004f40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83099648, "timestamp": "00:02:08.661", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 77004800, "type": "region", "version": 1 }, "end_va": 77008895, "entry_point": 0, "filename": null, "id": "region_2955", "name": "private_0x0000000004970000", "norm_filename": null, "region_type": "private_memory", "start_va": 77004800, "timestamp": "00:02:08.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 77922304, "type": "region", "version": 1 }, "end_va": 77926399, "entry_point": 0, "filename": null, "id": "region_2956", "name": "private_0x0000000004a50000", "norm_filename": null, "region_type": "private_memory", "start_va": 77922304, "timestamp": "00:02:08.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1935933440, "type": "region", "version": 1 }, "end_va": 1935978495, "entry_point": 1935933440, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_2957", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1935933440, "timestamp": "00:02:08.666", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1944190976, "type": "region", "version": 1 }, "end_va": 1944223743, "entry_point": 1944190976, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_2958", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1944190976, "timestamp": "00:02:08.670", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1946157055, "entry_point": 1945960448, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_2959", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:02:08.671", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945894912, "type": "region", "version": 1 }, "end_va": 1945927679, "entry_point": 1945894912, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_2960", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1945894912, "timestamp": "00:02:08.672", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1943863296, "type": "region", "version": 1 }, "end_va": 1944150015, "entry_point": 1943863296, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_2961", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1943863296, "timestamp": "00:02:08.675", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946791935, "entry_point": 1946681344, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_2962", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:02:08.676", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "nslookup gandcrab.bit a.dnspod.com", "filename": "c:\\windows\\syswow64\\nslookup.exe", "id": "proc_7", "image_name": "nslookup.exe", "monitor_reason": "child_process", "monitored_id": 7, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3305471, "entry_point": 3211264, "filename": "\\Windows\\SysWOW64\\nslookup.exe", "id": "region_4703", "name": "nslookup.exe", "norm_filename": "c:\\windows\\syswow64\\nslookup.exe", "region_type": "memory_mapped_file", "start_va": 3211264, "timestamp": "00:02:23.870", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 12976128, "type": "region", "version": 1 }, "end_va": 80084991, "entry_point": 0, "filename": null, "id": "region_4704", "name": "pagefile_0x0000000000c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 12976128, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 80084992, "type": "region", "version": 1 }, "end_va": 80216063, "entry_point": 0, "filename": null, "id": "region_4705", "name": "private_0x0000000004c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 80084992, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 80224255, "entry_point": 0, "filename": null, "id": "region_4706", "name": "private_0x0000000004c80000", "norm_filename": null, "region_type": "private_memory", "start_va": 80216064, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 80281600, "type": "region", "version": 1 }, "end_va": 80363519, "entry_point": 0, "filename": null, "id": "region_4707", "name": "pagefile_0x0000000004c90000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80281600, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 80412672, "type": "region", "version": 1 }, "end_va": 80674815, "entry_point": 0, "filename": null, "id": "region_4708", "name": "private_0x0000000004cb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 80412672, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 80674816, "type": "region", "version": 1 }, "end_va": 80936959, "entry_point": 0, "filename": null, "id": "region_4709", "name": "private_0x0000000004cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 80674816, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 80936960, "type": "region", "version": 1 }, "end_va": 80953343, "entry_point": 0, "filename": null, "id": "region_4710", "name": "pagefile_0x0000000004d30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80936960, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 81002496, "type": "region", "version": 1 }, "end_va": 81006591, "entry_point": 0, "filename": null, "id": "region_4711", "name": "pagefile_0x0000000004d40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 81002496, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 81068032, "type": "region", "version": 1 }, "end_va": 81076223, "entry_point": 0, "filename": null, "id": "region_4712", "name": "private_0x0000000004d50000", "norm_filename": null, "region_type": "private_memory", "start_va": 81068032, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002620415, "entry_point": 2001076224, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4713", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2138374144, "type": "region", "version": 1 }, "end_va": 2138517503, "entry_point": 0, "filename": null, "id": "region_4714", "name": "pagefile_0x000000007f750000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2138374144, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2138542080, "type": "region", "version": 1 }, "end_va": 2138546175, "entry_point": 0, "filename": null, "id": "region_4715", "name": "private_0x000000007f779000", "norm_filename": null, "region_type": "private_memory", "start_va": 2138542080, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2138546176, "type": "region", "version": 1 }, "end_va": 2138550271, "entry_point": 0, "filename": null, "id": "region_4716", "name": "private_0x000000007f77a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2138546176, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2138558464, "type": "region", "version": 1 }, "end_va": 2138570751, "entry_point": 0, "filename": null, "id": "region_4717", "name": "private_0x000000007f77d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2138558464, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4718", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138510253686784, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138512401104895, "entry_point": 0, "filename": null, "id": "region_4719", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138512401104896, "type": "region", "version": 1 }, "end_va": 140711424360447, "entry_point": 0, "filename": null, "id": "region_4720", "name": "pagefile_0x00007df9ee770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138512401104896, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4721", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26062086144, "start_va": 140711426203648, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_4722", "name": "private_0x00007ff9ee932000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711426203648, "timestamp": "00:02:23.871", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 81133568, "type": "region", "version": 1 }, "end_va": 81199103, "entry_point": 0, "filename": null, "id": "region_4723", "name": "private_0x0000000004d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 81133568, "timestamp": "00:02:23.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942814720, "type": "region", "version": 1 }, "end_va": 1943138303, "entry_point": 1942814720, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4724", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942814720, "timestamp": "00:02:23.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1943207936, "type": "region", "version": 1 }, "end_va": 1943678975, "entry_point": 1943207936, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4725", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1943207936, "timestamp": "00:02:23.889", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 82444288, "type": "region", "version": 1 }, "end_va": 83492863, "entry_point": 0, "filename": null, "id": "region_4726", "name": "private_0x0000000004ea0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82444288, "timestamp": "00:02:23.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943142400, "type": "region", "version": 1 }, "end_va": 1943175167, "entry_point": 1943142400, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4727", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943142400, "timestamp": "00:02:23.979", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 80084992, "type": "region", "version": 1 }, "end_va": 80150527, "entry_point": 0, "filename": null, "id": "region_4768", "name": "pagefile_0x0000000004c60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80084992, "timestamp": "00:02:24.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 80150528, "type": "region", "version": 1 }, "end_va": 80166911, "entry_point": 0, "filename": null, "id": "region_4769", "name": "private_0x0000000004c70000", "norm_filename": null, "region_type": "private_memory", "start_va": 80150528, "timestamp": "00:02:24.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 81199104, "type": "region", "version": 1 }, "end_va": 81977343, "entry_point": 81199104, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4770", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 81199104, "timestamp": "00:02:24.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 81985536, "type": "region", "version": 1 }, "end_va": 82247679, "entry_point": 0, "filename": null, "id": "region_4771", "name": "private_0x0000000004e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 81985536, "timestamp": "00:02:24.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 83492864, "type": "region", "version": 1 }, "end_va": 83755007, "entry_point": 0, "filename": null, "id": "region_4772", "name": "private_0x0000000004fa0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83492864, "timestamp": "00:02:24.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 85786624, "type": "region", "version": 1 }, "end_va": 85852159, "entry_point": 0, "filename": null, "id": "region_4773", "name": "private_0x00000000051d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85786624, "timestamp": "00:02:24.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944797183, "entry_point": 1944256512, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_4774", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:02:24.175", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1944846336, "type": "region", "version": 1 }, "end_va": 1945165823, "entry_point": 1944846336, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_4775", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1944846336, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951764479, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_4776", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951834111, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4777", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1951981567, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4778", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953652735, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4779", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953968127, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4780", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1955004415, "entry_point": 1954021376, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4781", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1959051263, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4782", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1962176511, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4783", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968553983, "entry_point": 1968177152, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4784", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4785", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137325568, "type": "region", "version": 1 }, "end_va": 2138374143, "entry_point": 0, "filename": null, "id": "region_4786", "name": "pagefile_0x000000007f650000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137325568, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2138529792, "type": "region", "version": 1 }, "end_va": 2138542079, "entry_point": 0, "filename": null, "id": "region_4787", "name": "private_0x000000007f776000", "norm_filename": null, "region_type": "private_memory", "start_va": 2138529792, "timestamp": "00:02:24.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1943732224, "type": "region", "version": 1 }, "end_va": 1943805951, "entry_point": 1943732224, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_4788", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1943732224, "timestamp": "00:02:24.189", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1936130048, "type": "region", "version": 1 }, "end_va": 1936220159, "entry_point": 1936130048, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_4789", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1936130048, "timestamp": "00:02:24.195", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1935998976, "type": "region", "version": 1 }, "end_va": 1936076799, "entry_point": 1935998976, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_4790", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1935998976, "timestamp": "00:02:24.197", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4791", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:02:24.198", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970982911, "entry_point": 1969618944, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4792", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:02:24.201", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 82247680, "type": "region", "version": 1 }, "end_va": 82419711, "entry_point": 82247680, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4793", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 82247680, "timestamp": "00:02:24.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 83755008, "type": "region", "version": 1 }, "end_va": 85360639, "entry_point": 0, "filename": null, "id": "region_4794", "name": "pagefile_0x0000000004fe0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83755008, "timestamp": "00:02:24.204", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1998696447, "entry_point": 1998520320, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4795", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:02:24.205", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1956511743, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4796", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:02:24.206", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 80216064, "type": "region", "version": 1 }, "end_va": 80236543, "entry_point": 80216064, "filename": "\\Windows\\SysWOW64\\en-US\\nslookup.exe.mui", "id": "region_4797", "name": "nslookup.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\nslookup.exe.mui", "region_type": "memory_mapped_file", "start_va": 80216064, "timestamp": "00:02:24.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 85852160, "type": "region", "version": 1 }, "end_va": 87429119, "entry_point": 0, "filename": null, "id": "region_4798", "name": "pagefile_0x00000000051e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 85852160, "timestamp": "00:02:24.209", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 87490560, "type": "region", "version": 1 }, "end_va": 108462079, "entry_point": 0, "filename": null, "id": "region_4799", "name": "pagefile_0x0000000005370000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 87490560, "timestamp": "00:02:24.210", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 82247680, "type": "region", "version": 1 }, "end_va": 82251775, "entry_point": 0, "filename": null, "id": "region_4800", "name": "private_0x0000000004e70000", "norm_filename": null, "region_type": "private_memory", "start_va": 82247680, "timestamp": "00:02:24.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 82313216, "type": "region", "version": 1 }, "end_va": 82317311, "entry_point": 0, "filename": null, "id": "region_4801", "name": "private_0x0000000004e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 82313216, "timestamp": "00:02:24.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1935933440, "type": "region", "version": 1 }, "end_va": 1935978495, "entry_point": 1935933440, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_4802", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1935933440, "timestamp": "00:02:24.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1944190976, "type": "region", "version": 1 }, "end_va": 1944223743, "entry_point": 1944190976, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_4803", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1944190976, "timestamp": "00:02:24.216", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1946157055, "entry_point": 1945960448, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_4804", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:02:24.218", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945894912, "type": "region", "version": 1 }, "end_va": 1945927679, "entry_point": 1945894912, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_4805", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1945894912, "timestamp": "00:02:24.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1943863296, "type": "region", "version": 1 }, "end_va": 1944150015, "entry_point": 1943863296, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_4806", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1943863296, "timestamp": "00:02:24.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946791935, "entry_point": 1946681344, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_4807", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:02:24.223", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\SysWOW64\\wbem\\wmic.exe\" process call create \"cmd /c start C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\tubcvd.exe\"", "filename": "c:\\windows\\syswow64\\wbem\\wmic.exe", "id": "proc_9", "image_name": "wmic.exe", "monitor_reason": "child_process", "monitored_id": 9, "origin_monitor_id": 4, "ref_parent_process": { "ref_id": "proc_4", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 262143, "entry_point": 0, "filename": null, "id": "region_4838", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:02:33.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 270335, "entry_point": 0, "filename": null, "id": "region_4839", "name": "private_0x0000000000040000", "norm_filename": null, "region_type": "private_memory", "start_va": 262144, "timestamp": "00:02:33.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 327680, "type": "region", "version": 1 }, "end_va": 409599, "entry_point": 0, "filename": null, "id": "region_4840", "name": "pagefile_0x0000000000050000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 327680, "timestamp": "00:02:33.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 458752, "type": "region", "version": 1 }, "end_va": 720895, "entry_point": 0, "filename": null, "id": "region_4841", "name": "private_0x0000000000070000", "norm_filename": null, "region_type": "private_memory", "start_va": 458752, "timestamp": "00:02:33.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 720896, "type": "region", "version": 1 }, "end_va": 983039, "entry_point": 0, "filename": null, "id": "region_4842", "name": "private_0x00000000000b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 720896, "timestamp": "00:02:33.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 409600, "start_va": 13107200, "type": "region", "version": 1 }, "end_va": 13516799, "entry_point": 13107200, "filename": "\\Windows\\SysWOW64\\wbem\\WMIC.exe", "id": "region_4843", "name": "wmic.exe", "norm_filename": "c:\\windows\\syswow64\\wbem\\wmic.exe", "region_type": "memory_mapped_file", "start_va": 13107200, "timestamp": "00:02:33.650", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 13565952, "type": "region", "version": 1 }, "end_va": 80674815, "entry_point": 0, "filename": null, "id": "region_4844", "name": "pagefile_0x0000000000cf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 13565952, "timestamp": "00:02:33.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002620415, "entry_point": 2001076224, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_4845", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:02:33.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2133786624, "type": "region", "version": 1 }, "end_va": 2133929983, "entry_point": 0, "filename": null, "id": "region_4846", "name": "pagefile_0x000000007f2f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2133786624, "timestamp": "00:02:33.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2133950464, "type": "region", "version": 1 }, "end_va": 2133954559, "entry_point": 0, "filename": null, "id": "region_4847", "name": "private_0x000000007f318000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133950464, "timestamp": "00:02:33.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2133966848, "type": "region", "version": 1 }, "end_va": 2133979135, "entry_point": 0, "filename": null, "id": "region_4848", "name": "private_0x000000007f31c000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133966848, "timestamp": "00:02:33.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2133979136, "type": "region", "version": 1 }, "end_va": 2133983231, "entry_point": 0, "filename": null, "id": "region_4849", "name": "private_0x000000007f31f000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133979136, "timestamp": "00:02:33.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_4850", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:33.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138510253686784, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138512401104895, "entry_point": 0, "filename": null, "id": "region_4851", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:33.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138512401104896, "type": "region", "version": 1 }, "end_va": 140711424360447, "entry_point": 0, "filename": null, "id": "region_4852", "name": "pagefile_0x00007df9ee770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138512401104896, "timestamp": "00:02:33.772", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_4853", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:02:33.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26062086144, "start_va": 140711426203648, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_4854", "name": "private_0x00007ff9ee932000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711426203648, "timestamp": "00:02:33.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 983040, "type": "region", "version": 1 }, "end_va": 999423, "entry_point": 0, "filename": null, "id": "region_4856", "name": "pagefile_0x00000000000f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 983040, "timestamp": "00:02:33.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1048576, "type": "region", "version": 1 }, "end_va": 1052671, "entry_point": 0, "filename": null, "id": "region_4857", "name": "pagefile_0x0000000000100000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1048576, "timestamp": "00:02:33.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1114112, "type": "region", "version": 1 }, "end_va": 1122303, "entry_point": 0, "filename": null, "id": "region_4858", "name": "private_0x0000000000110000", "norm_filename": null, "region_type": "private_memory", "start_va": 1114112, "timestamp": "00:02:33.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2293759, "entry_point": 0, "filename": null, "id": "region_4859", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:02:33.846", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942814720, "type": "region", "version": 1 }, "end_va": 1943138303, "entry_point": 1942814720, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_4860", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942814720, "timestamp": "00:02:33.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1943207936, "type": "region", "version": 1 }, "end_va": 1943678975, "entry_point": 1943207936, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_4861", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1943207936, "timestamp": "00:02:33.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2818048, "type": "region", "version": 1 }, "end_va": 3866623, "entry_point": 0, "filename": null, "id": "region_4862", "name": "private_0x00000000002b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2818048, "timestamp": "00:02:33.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943142400, "type": "region", "version": 1 }, "end_va": 1943175167, "entry_point": 1943142400, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_4863", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943142400, "timestamp": "00:02:33.854", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_4915", "name": "pagefile_0x0000000000020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 131072, "timestamp": "00:02:34.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 1179648, "type": "region", "version": 1 }, "end_va": 1957887, "entry_point": 1179648, "filename": "\\Windows\\System32\\locale.nls", "id": "region_4916", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 1179648, "timestamp": "00:02:34.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 593920, "start_va": 1950744576, "type": "region", "version": 1 }, "end_va": 1951338495, "entry_point": 1950744576, "filename": "\\Windows\\SysWOW64\\apphelp.dll", "id": "region_4917", "name": "apphelp.dll", "norm_filename": "c:\\windows\\syswow64\\apphelp.dll", "region_type": "memory_mapped_file", "start_va": 1950744576, "timestamp": "00:02:34.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953652735, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_4918", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:02:34.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1955004415, "entry_point": 1954021376, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_4919", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:02:34.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3735552, "start_va": 2129002496, "type": "region", "version": 1 }, "end_va": 2132738047, "entry_point": 2129002496, "filename": "\\Windows\\AppPatch\\sysmain.sdb", "id": "region_4920", "name": "sysmain.sdb", "norm_filename": "c:\\windows\\apppatch\\sysmain.sdb", "region_type": "memory_mapped_file", "start_va": 2129002496, "timestamp": "00:02:34.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2132738048, "type": "region", "version": 1 }, "end_va": 2133786623, "entry_point": 0, "filename": null, "id": "region_4921", "name": "pagefile_0x000000007f1f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2132738048, "timestamp": "00:02:34.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 212991, "entry_point": 0, "filename": null, "id": "region_4922", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:34.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1966080, "type": "region", "version": 1 }, "end_va": 2228223, "entry_point": 0, "filename": null, "id": "region_4923", "name": "private_0x00000000001e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1966080, "timestamp": "00:02:34.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2555903, "entry_point": 0, "filename": null, "id": "region_4924", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:02:34.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4456448, "type": "region", "version": 1 }, "end_va": 4521983, "entry_point": 0, "filename": null, "id": "region_4925", "name": "private_0x0000000000440000", "norm_filename": null, "region_type": "private_memory", "start_va": 4456448, "timestamp": "00:02:34.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1932525568, "type": "region", "version": 1 }, "end_va": 1932783615, "entry_point": 1932525568, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_4926", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1932525568, "timestamp": "00:02:34.045", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1945894912, "type": "region", "version": 1 }, "end_va": 1945927679, "entry_point": 1945894912, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_4927", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1945894912, "timestamp": "00:02:34.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1945960448, "type": "region", "version": 1 }, "end_va": 1946157055, "entry_point": 1945960448, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_4928", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1945960448, "timestamp": "00:02:34.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951764479, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_4929", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:02:34.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951834111, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_4930", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:02:34.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1951981567, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_4931", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:02:34.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953968127, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_4932", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:02:34.051", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1958322175, "entry_point": 1956511744, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_4933", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:02:34.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1959051263, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_4934", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:02:34.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1962176511, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_4935", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:02:34.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_4936", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:02:34.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2133954560, "type": "region", "version": 1 }, "end_va": 2133966847, "entry_point": 0, "filename": null, "id": "region_4937", "name": "private_0x000000007f319000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133954560, "timestamp": "00:02:34.052", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1969602559, "entry_point": 1969553408, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_4938", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:02:34.057", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 266239, "entry_point": 0, "filename": null, "id": "region_4939", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:02:34.066", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 532480, "start_va": 1964310528, "type": "region", "version": 1 }, "end_va": 1964843007, "entry_point": 1964310528, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_4940", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1964310528, "timestamp": "00:02:34.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2555904, "type": "region", "version": 1 }, "end_va": 2559999, "entry_point": 0, "filename": null, "id": "region_4941", "name": "pagefile_0x0000000000270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2555904, "timestamp": "00:02:34.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1932460032, "type": "region", "version": 1 }, "end_va": 1932513279, "entry_point": 1932460032, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_4942", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1932460032, "timestamp": "00:02:34.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968553983, "entry_point": 1968177152, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_4943", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:02:34.166", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 417792, "start_va": 1932001280, "type": "region", "version": 1 }, "end_va": 1932419071, "entry_point": 1932001280, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_4944", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1932001280, "timestamp": "00:02:34.176", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1946681344, "type": "region", "version": 1 }, "end_va": 1946791935, "entry_point": 1946681344, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_4945", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1946681344, "timestamp": "00:02:34.290", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 4521984, "type": "region", "version": 1 }, "end_va": 7892991, "entry_point": 4521984, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_4946", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 4521984, "timestamp": "00:02:34.298", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1998848000, "type": "region", "version": 1 }, "end_va": 1999446015, "entry_point": 1998848000, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_4947", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1998848000, "timestamp": "00:02:34.300", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 954368, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 8884223, "entry_point": 7929856, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4948", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 7929856, "timestamp": "00:02:34.301", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2637823, "entry_point": 0, "filename": null, "id": "region_4949", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:02:34.303", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1930362880, "type": "region", "version": 1 }, "end_va": 1932001279, "entry_point": 1930362880, "filename": "\\Windows\\SysWOW64\\msxml3.dll", "id": "region_4950", "name": "msxml3.dll", "norm_filename": "c:\\windows\\syswow64\\msxml3.dll", "region_type": "memory_mapped_file", "start_va": 1930362880, "timestamp": "00:02:34.324", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1900544, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 9830399, "entry_point": 0, "filename": null, "id": "region_4951", "name": "private_0x0000000000790000", "norm_filename": null, "region_type": "private_memory", "start_va": 7929856, "timestamp": "00:02:34.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1835008, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 9764863, "entry_point": 0, "filename": null, "id": "region_4952", "name": "private_0x0000000000790000", "norm_filename": null, "region_type": "private_memory", "start_va": 7929856, "timestamp": "00:02:34.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9764864, "type": "region", "version": 1 }, "end_va": 9830399, "entry_point": 0, "filename": null, "id": "region_4953", "name": "private_0x0000000000950000", "norm_filename": null, "region_type": "private_memory", "start_va": 9764864, "timestamp": "00:02:34.481", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1900544, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 11730943, "entry_point": 0, "filename": null, "id": "region_4954", "name": "private_0x0000000000960000", "norm_filename": null, "region_type": "private_memory", "start_va": 9830400, "timestamp": "00:02:34.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_4955", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:02:34.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1900544, "start_va": 80674816, "type": "region", "version": 1 }, "end_va": 82575359, "entry_point": 0, "filename": null, "id": "region_4956", "name": "private_0x0000000004cf0000", "norm_filename": null, "region_type": "private_memory", "start_va": 80674816, "timestamp": "00:02:34.482", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 7929856, "type": "region", "version": 1 }, "end_va": 8843263, "entry_point": 7929856, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_4957", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 7929856, "timestamp": "00:02:34.486", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9699328, "type": "region", "version": 1 }, "end_va": 9764863, "entry_point": 0, "filename": null, "id": "region_4958", "name": "private_0x0000000000940000", "norm_filename": null, "region_type": "private_memory", "start_va": 9699328, "timestamp": "00:02:34.490", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 82575360, "type": "region", "version": 1 }, "end_va": 86769663, "entry_point": 0, "filename": null, "id": "region_4959", "name": "private_0x0000000004ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82575360, "timestamp": "00:02:34.491", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 2691071, "entry_point": 2686976, "filename": "\\Windows\\SysWOW64\\msxml3r.dll", "id": "region_4960", "name": "msxml3r.dll", "norm_filename": "c:\\windows\\syswow64\\msxml3r.dll", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:02:34.494", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 3866624, "type": "region", "version": 1 }, "end_va": 3997695, "entry_point": 0, "filename": null, "id": "region_4961", "name": "private_0x00000000003b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3866624, "timestamp": "00:02:34.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4063232, "type": "region", "version": 1 }, "end_va": 4128767, "entry_point": 0, "filename": null, "id": "region_4962", "name": "private_0x00000000003e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4063232, "timestamp": "00:02:34.500", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1441792, "start_va": 1938423808, "type": "region", "version": 1 }, "end_va": 1939865599, "entry_point": 1938423808, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_4963", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1938423808, "timestamp": "00:02:34.502", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959833599, "entry_point": 1959329792, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_4964", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:02:34.503", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966002175, "entry_point": 1965424640, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_4965", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:02:34.504", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1963982848, "type": "region", "version": 1 }, "end_va": 1964261375, "entry_point": 1963982848, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_4966", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963982848, "timestamp": "00:02:34.505", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970982911, "entry_point": 1969618944, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_4967", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:02:34.506", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_4968", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:02:34.508", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2887680, "start_va": 1939865600, "type": "region", "version": 1 }, "end_va": 1942753279, "entry_point": 1939865600, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_4969", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1939865600, "timestamp": "00:02:34.510", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4300799, "entry_point": 4128768, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4970", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 4128768, "timestamp": "00:02:34.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 9830400, "type": "region", "version": 1 }, "end_va": 11436031, "entry_point": 0, "filename": null, "id": "region_4971", "name": "pagefile_0x0000000000960000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9830400, "timestamp": "00:02:34.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 11665408, "type": "region", "version": 1 }, "end_va": 11730943, "entry_point": 0, "filename": null, "id": "region_4972", "name": "private_0x0000000000b20000", "norm_filename": null, "region_type": "private_memory", "start_va": 11665408, "timestamp": "00:02:34.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1998696447, "entry_point": 1998520320, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_4973", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:02:34.514", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1956511743, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_4974", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:02:34.516", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2752512, "type": "region", "version": 1 }, "end_va": 2818047, "entry_point": 2752512, "filename": "\\Windows\\SysWOW64\\wbem\\en-US\\WMIC.exe.mui", "id": "region_4975", "name": "wmic.exe.mui", "norm_filename": "c:\\windows\\syswow64\\wbem\\en-us\\wmic.exe.mui", "region_type": "memory_mapped_file", "start_va": 2752512, "timestamp": "00:02:34.518", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 80674816, "type": "region", "version": 1 }, "end_va": 82251775, "entry_point": 0, "filename": null, "id": "region_4976", "name": "pagefile_0x0000000004cf0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80674816, "timestamp": "00:02:34.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 82509824, "type": "region", "version": 1 }, "end_va": 82575359, "entry_point": 0, "filename": null, "id": "region_4977", "name": "private_0x0000000004eb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 82509824, "timestamp": "00:02:34.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 86769664, "type": "region", "version": 1 }, "end_va": 107741183, "entry_point": 0, "filename": null, "id": "region_4978", "name": "pagefile_0x00000000052c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 86769664, "timestamp": "00:02:34.523", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 3997696, "type": "region", "version": 1 }, "end_va": 4001791, "entry_point": 0, "filename": null, "id": "region_4979", "name": "private_0x00000000003d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3997696, "timestamp": "00:02:34.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 4128768, "type": "region", "version": 1 }, "end_va": 4132863, "entry_point": 0, "filename": null, "id": "region_4980", "name": "private_0x00000000003f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 4128768, "timestamp": "00:02:34.526", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2244608, "start_va": 1948385280, "type": "region", "version": 1 }, "end_va": 1950629887, "entry_point": 1948385280, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_4981", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1948385280, "timestamp": "00:02:34.528", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 958464, "start_va": 1968570368, "type": "region", "version": 1 }, "end_va": 1969528831, "entry_point": 1968570368, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_4982", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1968570368, "timestamp": "00:02:34.533", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1947074560, "type": "region", "version": 1 }, "end_va": 1947553791, "entry_point": 1947074560, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_4983", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1947074560, "timestamp": "00:02:34.541", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4259839, "entry_point": 0, "filename": null, "id": "region_4984", "name": "private_0x0000000000400000", "norm_filename": null, "region_type": "private_memory", "start_va": 4194304, "timestamp": "00:02:34.542", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4263935, "entry_point": 0, "filename": null, "id": "region_4985", "name": "pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:02:34.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 753664, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 9601023, "entry_point": 0, "filename": null, "id": "region_4986", "name": "pagefile_0x0000000000870000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 8847360, "timestamp": "00:02:34.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 4259840, "type": "region", "version": 1 }, "end_va": 4276223, "entry_point": 0, "filename": null, "id": "region_4987", "name": "pagefile_0x0000000000410000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4259840, "timestamp": "00:02:34.549", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1946943488, "type": "region", "version": 1 }, "end_va": 1947062271, "entry_point": 1946943488, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_4988", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1946943488, "timestamp": "00:02:34.551", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 11730944, "type": "region", "version": 1 }, "end_va": 12779519, "entry_point": 0, "filename": null, "id": "region_4989", "name": "private_0x0000000000b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 11730944, "timestamp": "00:02:34.561", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1946812416, "type": "region", "version": 1 }, "end_va": 1946890239, "entry_point": 1946812416, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_4990", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1946812416, "timestamp": "00:02:34.581", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1946484736, "type": "region", "version": 1 }, "end_va": 1946677247, "entry_point": 1946484736, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_4991", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1946484736, "timestamp": "00:02:34.582", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 12779520, "type": "region", "version": 1 }, "end_va": 13041663, "entry_point": 0, "filename": null, "id": "region_4992", "name": "private_0x0000000000c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 12779520, "timestamp": "00:02:34.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 107741184, "type": "region", "version": 1 }, "end_va": 108003327, "entry_point": 0, "filename": null, "id": "region_4993", "name": "private_0x00000000066c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 107741184, "timestamp": "00:02:34.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 108003328, "type": "region", "version": 1 }, "end_va": 108265471, "entry_point": 0, "filename": null, "id": "region_4994", "name": "private_0x0000000006700000", "norm_filename": null, "region_type": "private_memory", "start_va": 108003328, "timestamp": "00:02:34.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 108265472, "type": "region", "version": 1 }, "end_va": 108527615, "entry_point": 0, "filename": null, "id": "region_4995", "name": "private_0x0000000006740000", "norm_filename": null, "region_type": "private_memory", "start_va": 108265472, "timestamp": "00:02:34.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 108527616, "type": "region", "version": 1 }, "end_va": 108789759, "entry_point": 0, "filename": null, "id": "region_4996", "name": "private_0x0000000006780000", "norm_filename": null, "region_type": "private_memory", "start_va": 108527616, "timestamp": "00:02:34.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 108789760, "type": "region", "version": 1 }, "end_va": 109051903, "entry_point": 0, "filename": null, "id": "region_4997", "name": "private_0x00000000067c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 108789760, "timestamp": "00:02:34.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2132713472, "type": "region", "version": 1 }, "end_va": 2132725759, "entry_point": 0, "filename": null, "id": "region_4998", "name": "private_0x000000007f1ea000", "norm_filename": null, "region_type": "private_memory", "start_va": 2132713472, "timestamp": "00:02:34.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2132725760, "type": "region", "version": 1 }, "end_va": 2132738047, "entry_point": 0, "filename": null, "id": "region_4999", "name": "private_0x000000007f1ed000", "norm_filename": null, "region_type": "private_memory", "start_va": 2132725760, "timestamp": "00:02:34.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2133938176, "type": "region", "version": 1 }, "end_va": 2133950463, "entry_point": 0, "filename": null, "id": "region_5000", "name": "private_0x000000007f315000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133938176, "timestamp": "00:02:34.587", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1930231808, "type": "region", "version": 1 }, "end_va": 1930301439, "entry_point": 1930231808, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_5001", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1930231808, "timestamp": "00:02:34.594", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 770048, "start_va": 1929445376, "type": "region", "version": 1 }, "end_va": 1930215423, "entry_point": 1929445376, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_5383", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1929445376, "timestamp": "00:02:34.895", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 147456, "start_va": 11468800, "type": "region", "version": 1 }, "end_va": 11616255, "entry_point": 0, "filename": null, "id": "region_5384", "name": "pagefile_0x0000000000af0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11468800, "timestamp": "00:02:35.118", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 81920, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 4407295, "entry_point": 0, "filename": null, "id": "region_5385", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:02:35.190", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\svchost.exe -k netsvcs", "filename": "c:\\windows\\system32\\svchost.exe", "id": "proc_11", "image_name": "svchost.exe", "monitor_reason": "rpc_server", "monitored_id": 11, "origin_monitor_id": 9, "ref_parent_process": { "ref_id": "proc_9", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5002", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:34.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 272474046464, "type": "region", "version": 1 }, "end_va": 272474111999, "entry_point": 0, "filename": null, "id": "region_5003", "name": "pagefile_0x0000003f70b80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272474046464, "timestamp": "00:02:34.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 272474112000, "type": "region", "version": 1 }, "end_va": 272474116095, "entry_point": 272474112000, "filename": "\\Windows\\System32\\en-US\\svchost.exe.mui", "id": "region_5004", "name": "svchost.exe.mui", "norm_filename": "c:\\windows\\system32\\en-us\\svchost.exe.mui", "region_type": "memory_mapped_file", "start_va": 272474112000, "timestamp": "00:02:34.634", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 272474177536, "type": "region", "version": 1 }, "end_va": 272474259455, "entry_point": 0, "filename": null, "id": "region_5005", "name": "pagefile_0x0000003f70ba0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272474177536, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272474308608, "type": "region", "version": 1 }, "end_va": 272474832895, "entry_point": 0, "filename": null, "id": "region_5006", "name": "private_0x0000003f70bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272474308608, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 272474832896, "type": "region", "version": 1 }, "end_va": 272474849279, "entry_point": 0, "filename": null, "id": "region_5007", "name": "pagefile_0x0000003f70c40000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272474832896, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 272474898432, "type": "region", "version": 1 }, "end_va": 272474902527, "entry_point": 0, "filename": null, "id": "region_5008", "name": "pagefile_0x0000003f70c50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272474898432, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 272474963968, "type": "region", "version": 1 }, "end_va": 272474972159, "entry_point": 0, "filename": null, "id": "region_5009", "name": "private_0x0000003f70c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 272474963968, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 272475029504, "type": "region", "version": 1 }, "end_va": 272475807743, "entry_point": 272475029504, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5010", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 272475029504, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272475815936, "type": "region", "version": 1 }, "end_va": 272476340223, "entry_point": 0, "filename": null, "id": "region_5011", "name": "private_0x0000003f70d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 272475815936, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 272476340224, "type": "region", "version": 1 }, "end_va": 272476344319, "entry_point": 0, "filename": null, "id": "region_5012", "name": "private_0x0000003f70db0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272476340224, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 272476405760, "type": "region", "version": 1 }, "end_va": 272476434431, "entry_point": 0, "filename": null, "id": "region_5013", "name": "private_0x0000003f70dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272476405760, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 272476471296, "type": "region", "version": 1 }, "end_va": 272476475391, "entry_point": 0, "filename": null, "id": "region_5014", "name": "private_0x0000003f70dd0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272476471296, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 272476536832, "type": "region", "version": 1 }, "end_va": 272476565503, "entry_point": 0, "filename": null, "id": "region_5015", "name": "private_0x0000003f70de0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272476536832, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 272476602368, "type": "region", "version": 1 }, "end_va": 272476606463, "entry_point": 0, "filename": null, "id": "region_5016", "name": "pagefile_0x0000003f70df0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272476602368, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272476667904, "type": "region", "version": 1 }, "end_va": 272477716479, "entry_point": 0, "filename": null, "id": "region_5017", "name": "private_0x0000003f70e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272476667904, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272477716480, "type": "region", "version": 1 }, "end_va": 272478765055, "entry_point": 0, "filename": null, "id": "region_5018", "name": "private_0x0000003f70f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272477716480, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 272478765056, "type": "region", "version": 1 }, "end_va": 272480370687, "entry_point": 0, "filename": null, "id": "region_5019", "name": "pagefile_0x0000003f71000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272478765056, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 272480403456, "type": "region", "version": 1 }, "end_va": 272481980415, "entry_point": 0, "filename": null, "id": "region_5020", "name": "pagefile_0x0000003f71190000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272480403456, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 272482041856, "type": "region", "version": 1 }, "end_va": 272482828287, "entry_point": 0, "filename": null, "id": "region_5021", "name": "pagefile_0x0000003f71320000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272482041856, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272482828288, "type": "region", "version": 1 }, "end_va": 272483876863, "entry_point": 0, "filename": null, "id": "region_5022", "name": "private_0x0000003f713e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272482828288, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272483876864, "type": "region", "version": 1 }, "end_va": 272484925439, "entry_point": 0, "filename": null, "id": "region_5023", "name": "private_0x0000003f714e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272483876864, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 272484925440, "type": "region", "version": 1 }, "end_va": 272484929535, "entry_point": 0, "filename": null, "id": "region_5024", "name": "pagefile_0x0000003f715e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272484925440, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 272484990976, "type": "region", "version": 1 }, "end_va": 272484999167, "entry_point": 0, "filename": null, "id": "region_5025", "name": "pagefile_0x0000003f715f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272484990976, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 272485056512, "type": "region", "version": 1 }, "end_va": 272485060607, "entry_point": 0, "filename": null, "id": "region_5026", "name": "pagefile_0x0000003f71600000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272485056512, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 272485122048, "type": "region", "version": 1 }, "end_va": 272485130239, "entry_point": 0, "filename": null, "id": "region_5027", "name": "pagefile_0x0000003f71610000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272485122048, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 53248, "start_va": 272485187584, "type": "region", "version": 1 }, "end_va": 272485240831, "entry_point": 272485187584, "filename": "\\Windows\\System32\\en-US\\gpsvc.dll.mui", "id": "region_5028", "name": "gpsvc.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\gpsvc.dll.mui", "region_type": "memory_mapped_file", "start_va": 272485187584, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 272485253120, "type": "region", "version": 1 }, "end_va": 272485269503, "entry_point": 272485253120, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_5029", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 272485253120, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 272485318656, "type": "region", "version": 1 }, "end_va": 272485335039, "entry_point": 272485318656, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\cversions.2.db", "id": "region_5030", "name": "cversions.2.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\cversions.2.db", "region_type": "memory_mapped_file", "start_va": 272485318656, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 272485384192, "type": "region", "version": 1 }, "end_va": 272485412863, "entry_point": 0, "filename": null, "id": "region_5031", "name": "private_0x0000003f71650000", "norm_filename": null, "region_type": "private_memory", "start_va": 272485384192, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 272485449728, "type": "region", "version": 1 }, "end_va": 272485478399, "entry_point": 0, "filename": null, "id": "region_5032", "name": "private_0x0000003f71660000", "norm_filename": null, "region_type": "private_memory", "start_va": 272485449728, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272485515264, "type": "region", "version": 1 }, "end_va": 272486039551, "entry_point": 0, "filename": null, "id": "region_5033", "name": "private_0x0000003f71670000", "norm_filename": null, "region_type": "private_memory", "start_va": 272485515264, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 53248, "start_va": 272486039552, "type": "region", "version": 1 }, "end_va": 272486092799, "entry_point": 272486039552, "filename": "\\Windows\\System32\\en-US\\iphlpsvc.dll.mui", "id": "region_5034", "name": "iphlpsvc.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\iphlpsvc.dll.mui", "region_type": "memory_mapped_file", "start_va": 272486039552, "timestamp": "00:02:34.635", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272486105088, "type": "region", "version": 1 }, "end_va": 272487153663, "entry_point": 0, "filename": null, "id": "region_5035", "name": "private_0x0000003f71700000", "norm_filename": null, "region_type": "private_memory", "start_va": 272486105088, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 272487153664, "type": "region", "version": 1 }, "end_va": 272490524671, "entry_point": 272487153664, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5036", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 272487153664, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272490561536, "type": "region", "version": 1 }, "end_va": 272491610111, "entry_point": 0, "filename": null, "id": "region_5037", "name": "private_0x0000003f71b40000", "norm_filename": null, "region_type": "private_memory", "start_va": 272490561536, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272491610112, "type": "region", "version": 1 }, "end_va": 272492658687, "entry_point": 0, "filename": null, "id": "region_5038", "name": "private_0x0000003f71c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 272491610112, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272492658688, "type": "region", "version": 1 }, "end_va": 272493707263, "entry_point": 0, "filename": null, "id": "region_5039", "name": "private_0x0000003f71d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 272492658688, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272493707264, "type": "region", "version": 1 }, "end_va": 272494755839, "entry_point": 0, "filename": null, "id": "region_5040", "name": "private_0x0000003f71e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 272493707264, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272494755840, "type": "region", "version": 1 }, "end_va": 272495804415, "entry_point": 0, "filename": null, "id": "region_5041", "name": "private_0x0000003f71f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 272494755840, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272495804416, "type": "region", "version": 1 }, "end_va": 272496328703, "entry_point": 0, "filename": null, "id": "region_5042", "name": "private_0x0000003f72040000", "norm_filename": null, "region_type": "private_memory", "start_va": 272495804416, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 69632, "start_va": 272496328704, "type": "region", "version": 1 }, "end_va": 272496398335, "entry_point": 272496328704, "filename": "\\Windows\\System32\\en-US\\propsys.dll.mui", "id": "region_5043", "name": "propsys.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\propsys.dll.mui", "region_type": "memory_mapped_file", "start_va": 272496328704, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 36864, "start_va": 272496459776, "type": "region", "version": 1 }, "end_va": 272496496639, "entry_point": 272496459776, "filename": "\\Windows\\System32\\en-US\\vsstrace.dll.mui", "id": "region_5044", "name": "vsstrace.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\vsstrace.dll.mui", "region_type": "memory_mapped_file", "start_va": 272496459776, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 272496525312, "type": "region", "version": 1 }, "end_va": 272496529407, "entry_point": 0, "filename": null, "id": "region_5045", "name": "pagefile_0x0000003f720f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272496525312, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272496590848, "type": "region", "version": 1 }, "end_va": 272497639423, "entry_point": 0, "filename": null, "id": "region_5046", "name": "private_0x0000003f72100000", "norm_filename": null, "region_type": "private_memory", "start_va": 272496590848, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272497639424, "type": "region", "version": 1 }, "end_va": 272498687999, "entry_point": 0, "filename": null, "id": "region_5047", "name": "private_0x0000003f72200000", "norm_filename": null, "region_type": "private_memory", "start_va": 272497639424, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272499212288, "type": "region", "version": 1 }, "end_va": 272499736575, "entry_point": 0, "filename": null, "id": "region_5048", "name": "private_0x0000003f72380000", "norm_filename": null, "region_type": "private_memory", "start_va": 272499212288, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272499736576, "type": "region", "version": 1 }, "end_va": 272500785151, "entry_point": 0, "filename": null, "id": "region_5049", "name": "private_0x0000003f72400000", "norm_filename": null, "region_type": "private_memory", "start_va": 272499736576, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272500785152, "type": "region", "version": 1 }, "end_va": 272501833727, "entry_point": 0, "filename": null, "id": "region_5050", "name": "private_0x0000003f72500000", "norm_filename": null, "region_type": "private_memory", "start_va": 272500785152, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272501833728, "type": "region", "version": 1 }, "end_va": 272502358015, "entry_point": 0, "filename": null, "id": "region_5051", "name": "private_0x0000003f72600000", "norm_filename": null, "region_type": "private_memory", "start_va": 272501833728, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272502358016, "type": "region", "version": 1 }, "end_va": 272503406591, "entry_point": 0, "filename": null, "id": "region_5052", "name": "private_0x0000003f72680000", "norm_filename": null, "region_type": "private_memory", "start_va": 272502358016, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272503406592, "type": "region", "version": 1 }, "end_va": 272503930879, "entry_point": 0, "filename": null, "id": "region_5053", "name": "private_0x0000003f72780000", "norm_filename": null, "region_type": "private_memory", "start_va": 272503406592, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272503930880, "type": "region", "version": 1 }, "end_va": 272504979455, "entry_point": 0, "filename": null, "id": "region_5054", "name": "private_0x0000003f72800000", "norm_filename": null, "region_type": "private_memory", "start_va": 272503930880, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 274432, "start_va": 272504979456, "type": "region", "version": 1 }, "end_va": 272505253887, "entry_point": 272504979456, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000007.db", "id": "region_5055", "name": "{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000007.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{6af0698e-d558-4f6e-9b3c-3716689af493}.2.ver0x0000000000000007.db", "region_type": "memory_mapped_file", "start_va": 272504979456, "timestamp": "00:02:34.636", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable" ], "ref_process_dump": null, "size": 569344, "start_va": 272505307136, "type": "region", "version": 1 }, "end_va": 272505876479, "entry_point": 272505307136, "filename": "\\ProgramData\\Microsoft\\Windows\\Caches\\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db", "id": "region_5056", "name": "{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db", "norm_filename": "c:\\programdata\\microsoft\\windows\\caches\\{ddf571f2-be98-426d-8288-1a9a39c3fda2}.2.ver0x0000000000000001.db", "region_type": "memory_mapped_file", "start_va": 272505307136, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272505896960, "type": "region", "version": 1 }, "end_va": 272506945535, "entry_point": 0, "filename": null, "id": "region_5057", "name": "private_0x0000003f729e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272505896960, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272506945536, "type": "region", "version": 1 }, "end_va": 272507469823, "entry_point": 0, "filename": null, "id": "region_5058", "name": "private_0x0000003f72ae0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272506945536, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272507469824, "type": "region", "version": 1 }, "end_va": 272508518399, "entry_point": 0, "filename": null, "id": "region_5059", "name": "private_0x0000003f72b60000", "norm_filename": null, "region_type": "private_memory", "start_va": 272507469824, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272508518400, "type": "region", "version": 1 }, "end_va": 272509566975, "entry_point": 0, "filename": null, "id": "region_5060", "name": "private_0x0000003f72c60000", "norm_filename": null, "region_type": "private_memory", "start_va": 272508518400, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272509566976, "type": "region", "version": 1 }, "end_va": 272510615551, "entry_point": 0, "filename": null, "id": "region_5061", "name": "private_0x0000003f72d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 272509566976, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272510615552, "type": "region", "version": 1 }, "end_va": 272511139839, "entry_point": 0, "filename": null, "id": "region_5062", "name": "private_0x0000003f72e60000", "norm_filename": null, "region_type": "private_memory", "start_va": 272510615552, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272511139840, "type": "region", "version": 1 }, "end_va": 272511664127, "entry_point": 0, "filename": null, "id": "region_5063", "name": "private_0x0000003f72ee0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272511139840, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272511664128, "type": "region", "version": 1 }, "end_va": 272512188415, "entry_point": 0, "filename": null, "id": "region_5064", "name": "private_0x0000003f72f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 272511664128, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272512188416, "type": "region", "version": 1 }, "end_va": 272512712703, "entry_point": 0, "filename": null, "id": "region_5065", "name": "private_0x0000003f72fe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272512188416, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272512712704, "type": "region", "version": 1 }, "end_va": 272513236991, "entry_point": 0, "filename": null, "id": "region_5066", "name": "private_0x0000003f73060000", "norm_filename": null, "region_type": "private_memory", "start_va": 272512712704, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 8192, "start_va": 272513236992, "type": "region", "version": 1 }, "end_va": 272513245183, "entry_point": 272513236992, "filename": "\\Windows\\System32\\en-US\\activeds.dll.mui", "id": "region_5067", "name": "activeds.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\activeds.dll.mui", "region_type": "memory_mapped_file", "start_va": 272513236992, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 272513302528, "type": "region", "version": 1 }, "end_va": 272513306623, "entry_point": 0, "filename": null, "id": "region_5068", "name": "pagefile_0x0000003f730f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272513302528, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272513368064, "type": "region", "version": 1 }, "end_va": 272514416639, "entry_point": 0, "filename": null, "id": "region_5069", "name": "private_0x0000003f73100000", "norm_filename": null, "region_type": "private_memory", "start_va": 272513368064, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272514416640, "type": "region", "version": 1 }, "end_va": 272515465215, "entry_point": 0, "filename": null, "id": "region_5070", "name": "private_0x0000003f73200000", "norm_filename": null, "region_type": "private_memory", "start_va": 272514416640, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272515465216, "type": "region", "version": 1 }, "end_va": 272515989503, "entry_point": 0, "filename": null, "id": "region_5071", "name": "private_0x0000003f73300000", "norm_filename": null, "region_type": "private_memory", "start_va": 272515465216, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 272515989504, "type": "region", "version": 1 }, "end_va": 272516018175, "entry_point": 0, "filename": null, "id": "region_5072", "name": "private_0x0000003f73380000", "norm_filename": null, "region_type": "private_memory", "start_va": 272515989504, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272516055040, "type": "region", "version": 1 }, "end_va": 272517103615, "entry_point": 0, "filename": null, "id": "region_5073", "name": "pagefile_0x0000003f73390000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272516055040, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272517103616, "type": "region", "version": 1 }, "end_va": 272517627903, "entry_point": 0, "filename": null, "id": "region_5074", "name": "private_0x0000003f73490000", "norm_filename": null, "region_type": "private_memory", "start_va": 272517103616, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 272517627904, "type": "region", "version": 1 }, "end_va": 272517640191, "entry_point": 0, "filename": null, "id": "region_5075", "name": "pagefile_0x0000003f73510000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272517627904, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 272517693440, "type": "region", "version": 1 }, "end_va": 272517697535, "entry_point": 0, "filename": null, "id": "region_5076", "name": "pagefile_0x0000003f73520000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 272517693440, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 272517758976, "type": "region", "version": 1 }, "end_va": 272517779455, "entry_point": 272517758976, "filename": "\\Windows\\System32\\winnlsres.dll", "id": "region_5077", "name": "winnlsres.dll", "norm_filename": "c:\\windows\\system32\\winnlsres.dll", "region_type": "memory_mapped_file", "start_va": 272517758976, "timestamp": "00:02:34.637", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 272517824512, "type": "region", "version": 1 }, "end_va": 272517853183, "entry_point": 0, "filename": null, "id": "region_5078", "name": "private_0x0000003f73540000", "norm_filename": null, "region_type": "private_memory", "start_va": 272517824512, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272517890048, "type": "region", "version": 1 }, "end_va": 272518938623, "entry_point": 0, "filename": null, "id": "region_5079", "name": "private_0x0000003f73550000", "norm_filename": null, "region_type": "private_memory", "start_va": 272517890048, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 272518938624, "type": "region", "version": 1 }, "end_va": 272519004159, "entry_point": 272518938624, "filename": "\\Windows\\System32\\en-US\\winnlsres.dll.mui", "id": "region_5080", "name": "winnlsres.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\winnlsres.dll.mui", "region_type": "memory_mapped_file", "start_va": 272518938624, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 272519004160, "type": "region", "version": 1 }, "end_va": 272519016447, "entry_point": 272519004160, "filename": "\\Windows\\System32\\en-US\\mswsock.dll.mui", "id": "region_5081", "name": "mswsock.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\mswsock.dll.mui", "region_type": "memory_mapped_file", "start_va": 272519004160, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 272519200768, "type": "region", "version": 1 }, "end_va": 272519229439, "entry_point": 0, "filename": null, "id": "region_5082", "name": "private_0x0000003f73690000", "norm_filename": null, "region_type": "private_memory", "start_va": 272519200768, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 272519266304, "type": "region", "version": 1 }, "end_va": 272519294975, "entry_point": 0, "filename": null, "id": "region_5083", "name": "private_0x0000003f736a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272519266304, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272519331840, "type": "region", "version": 1 }, "end_va": 272520380415, "entry_point": 0, "filename": null, "id": "region_5084", "name": "private_0x0000003f736b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272519331840, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272520380416, "type": "region", "version": 1 }, "end_va": 272520904703, "entry_point": 0, "filename": null, "id": "region_5085", "name": "private_0x0000003f737b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272520380416, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272520904704, "type": "region", "version": 1 }, "end_va": 272521953279, "entry_point": 0, "filename": null, "id": "region_5086", "name": "private_0x0000003f73830000", "norm_filename": null, "region_type": "private_memory", "start_va": 272520904704, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272521953280, "type": "region", "version": 1 }, "end_va": 272522477567, "entry_point": 0, "filename": null, "id": "region_5087", "name": "private_0x0000003f73930000", "norm_filename": null, "region_type": "private_memory", "start_va": 272521953280, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272522477568, "type": "region", "version": 1 }, "end_va": 272523526143, "entry_point": 0, "filename": null, "id": "region_5088", "name": "private_0x0000003f739b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272522477568, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272523526144, "type": "region", "version": 1 }, "end_va": 272524050431, "entry_point": 0, "filename": null, "id": "region_5089", "name": "private_0x0000003f73ab0000", "norm_filename": null, "region_type": "private_memory", "start_va": 272523526144, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272524050432, "type": "region", "version": 1 }, "end_va": 272525099007, "entry_point": 0, "filename": null, "id": "region_5090", "name": "private_0x0000003f73b30000", "norm_filename": null, "region_type": "private_memory", "start_va": 272524050432, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272525099008, "type": "region", "version": 1 }, "end_va": 272526147583, "entry_point": 0, "filename": null, "id": "region_5091", "name": "private_0x0000003f73c30000", "norm_filename": null, "region_type": "private_memory", "start_va": 272525099008, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272526147584, "type": "region", "version": 1 }, "end_va": 272527196159, "entry_point": 0, "filename": null, "id": "region_5092", "name": "private_0x0000003f73d30000", "norm_filename": null, "region_type": "private_memory", "start_va": 272526147584, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272527196160, "type": "region", "version": 1 }, "end_va": 272528244735, "entry_point": 0, "filename": null, "id": "region_5093", "name": "private_0x0000003f73e30000", "norm_filename": null, "region_type": "private_memory", "start_va": 272527196160, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272528244736, "type": "region", "version": 1 }, "end_va": 272529293311, "entry_point": 0, "filename": null, "id": "region_5094", "name": "private_0x0000003f73f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 272528244736, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272529293312, "type": "region", "version": 1 }, "end_va": 272530341887, "entry_point": 0, "filename": null, "id": "region_5095", "name": "private_0x0000003f74030000", "norm_filename": null, "region_type": "private_memory", "start_va": 272529293312, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 272530341888, "type": "region", "version": 1 }, "end_va": 272531255295, "entry_point": 272530341888, "filename": "\\Windows\\System32\\en-US\\KernelBase.dll.mui", "id": "region_5096", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 272530341888, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 272531259392, "type": "region", "version": 1 }, "end_va": 272531288063, "entry_point": 0, "filename": null, "id": "region_5097", "name": "private_0x0000003f74210000", "norm_filename": null, "region_type": "private_memory", "start_va": 272531259392, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272531324928, "type": "region", "version": 1 }, "end_va": 272532373503, "entry_point": 0, "filename": null, "id": "region_5098", "name": "private_0x0000003f74220000", "norm_filename": null, "region_type": "private_memory", "start_va": 272531324928, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272532373504, "type": "region", "version": 1 }, "end_va": 272532897791, "entry_point": 0, "filename": null, "id": "region_5099", "name": "private_0x0000003f74320000", "norm_filename": null, "region_type": "private_memory", "start_va": 272532373504, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272533291008, "type": "region", "version": 1 }, "end_va": 272534339583, "entry_point": 0, "filename": null, "id": "region_5100", "name": "private_0x0000003f74400000", "norm_filename": null, "region_type": "private_memory", "start_va": 272533291008, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272534339584, "type": "region", "version": 1 }, "end_va": 272535388159, "entry_point": 0, "filename": null, "id": "region_5101", "name": "private_0x0000003f74500000", "norm_filename": null, "region_type": "private_memory", "start_va": 272534339584, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272535388160, "type": "region", "version": 1 }, "end_va": 272536436735, "entry_point": 0, "filename": null, "id": "region_5102", "name": "private_0x0000003f74600000", "norm_filename": null, "region_type": "private_memory", "start_va": 272535388160, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272536436736, "type": "region", "version": 1 }, "end_va": 272537485311, "entry_point": 0, "filename": null, "id": "region_5103", "name": "private_0x0000003f74700000", "norm_filename": null, "region_type": "private_memory", "start_va": 272536436736, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272537485312, "type": "region", "version": 1 }, "end_va": 272538533887, "entry_point": 0, "filename": null, "id": "region_5104", "name": "private_0x0000003f74800000", "norm_filename": null, "region_type": "private_memory", "start_va": 272537485312, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272538533888, "type": "region", "version": 1 }, "end_va": 272539582463, "entry_point": 0, "filename": null, "id": "region_5105", "name": "private_0x0000003f74900000", "norm_filename": null, "region_type": "private_memory", "start_va": 272538533888, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272539582464, "type": "region", "version": 1 }, "end_va": 272540631039, "entry_point": 0, "filename": null, "id": "region_5106", "name": "private_0x0000003f74a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272539582464, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272540631040, "type": "region", "version": 1 }, "end_va": 272541679615, "entry_point": 0, "filename": null, "id": "region_5107", "name": "private_0x0000003f74b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272540631040, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272541679616, "type": "region", "version": 1 }, "end_va": 272542728191, "entry_point": 0, "filename": null, "id": "region_5108", "name": "private_0x0000003f74c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272541679616, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272542728192, "type": "region", "version": 1 }, "end_va": 272543776767, "entry_point": 0, "filename": null, "id": "region_5109", "name": "private_0x0000003f74d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272542728192, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272543776768, "type": "region", "version": 1 }, "end_va": 272544825343, "entry_point": 0, "filename": null, "id": "region_5110", "name": "private_0x0000003f74e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272543776768, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272544825344, "type": "region", "version": 1 }, "end_va": 272545873919, "entry_point": 0, "filename": null, "id": "region_5111", "name": "private_0x0000003f74f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272544825344, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272545873920, "type": "region", "version": 1 }, "end_va": 272546922495, "entry_point": 0, "filename": null, "id": "region_5112", "name": "private_0x0000003f75000000", "norm_filename": null, "region_type": "private_memory", "start_va": 272545873920, "timestamp": "00:02:34.638", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272546922496, "type": "region", "version": 1 }, "end_va": 272547971071, "entry_point": 0, "filename": null, "id": "region_5113", "name": "private_0x0000003f75100000", "norm_filename": null, "region_type": "private_memory", "start_va": 272546922496, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272547971072, "type": "region", "version": 1 }, "end_va": 272549019647, "entry_point": 0, "filename": null, "id": "region_5114", "name": "private_0x0000003f75200000", "norm_filename": null, "region_type": "private_memory", "start_va": 272547971072, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272549019648, "type": "region", "version": 1 }, "end_va": 272550068223, "entry_point": 0, "filename": null, "id": "region_5115", "name": "private_0x0000003f75300000", "norm_filename": null, "region_type": "private_memory", "start_va": 272549019648, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272550068224, "type": "region", "version": 1 }, "end_va": 272551116799, "entry_point": 0, "filename": null, "id": "region_5116", "name": "private_0x0000003f75400000", "norm_filename": null, "region_type": "private_memory", "start_va": 272550068224, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272551116800, "type": "region", "version": 1 }, "end_va": 272552165375, "entry_point": 0, "filename": null, "id": "region_5117", "name": "private_0x0000003f75500000", "norm_filename": null, "region_type": "private_memory", "start_va": 272551116800, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272552165376, "type": "region", "version": 1 }, "end_va": 272553213951, "entry_point": 0, "filename": null, "id": "region_5118", "name": "private_0x0000003f75600000", "norm_filename": null, "region_type": "private_memory", "start_va": 272552165376, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272553213952, "type": "region", "version": 1 }, "end_va": 272554262527, "entry_point": 0, "filename": null, "id": "region_5119", "name": "private_0x0000003f75700000", "norm_filename": null, "region_type": "private_memory", "start_va": 272553213952, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272554262528, "type": "region", "version": 1 }, "end_va": 272555311103, "entry_point": 0, "filename": null, "id": "region_5120", "name": "private_0x0000003f75800000", "norm_filename": null, "region_type": "private_memory", "start_va": 272554262528, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272555311104, "type": "region", "version": 1 }, "end_va": 272556359679, "entry_point": 0, "filename": null, "id": "region_5121", "name": "private_0x0000003f75900000", "norm_filename": null, "region_type": "private_memory", "start_va": 272555311104, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272556359680, "type": "region", "version": 1 }, "end_va": 272557408255, "entry_point": 0, "filename": null, "id": "region_5122", "name": "private_0x0000003f75a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272556359680, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272557408256, "type": "region", "version": 1 }, "end_va": 272558456831, "entry_point": 0, "filename": null, "id": "region_5123", "name": "private_0x0000003f75b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272557408256, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272558456832, "type": "region", "version": 1 }, "end_va": 272559505407, "entry_point": 0, "filename": null, "id": "region_5124", "name": "private_0x0000003f75c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272558456832, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272559505408, "type": "region", "version": 1 }, "end_va": 272560553983, "entry_point": 0, "filename": null, "id": "region_5125", "name": "private_0x0000003f75d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272559505408, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272560553984, "type": "region", "version": 1 }, "end_va": 272561602559, "entry_point": 0, "filename": null, "id": "region_5126", "name": "private_0x0000003f75e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272560553984, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272561602560, "type": "region", "version": 1 }, "end_va": 272562651135, "entry_point": 0, "filename": null, "id": "region_5127", "name": "private_0x0000003f75f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272561602560, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272562651136, "type": "region", "version": 1 }, "end_va": 272563699711, "entry_point": 0, "filename": null, "id": "region_5128", "name": "private_0x0000003f76000000", "norm_filename": null, "region_type": "private_memory", "start_va": 272562651136, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272563699712, "type": "region", "version": 1 }, "end_va": 272564748287, "entry_point": 0, "filename": null, "id": "region_5129", "name": "private_0x0000003f76100000", "norm_filename": null, "region_type": "private_memory", "start_va": 272563699712, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272564748288, "type": "region", "version": 1 }, "end_va": 272565796863, "entry_point": 0, "filename": null, "id": "region_5130", "name": "private_0x0000003f76200000", "norm_filename": null, "region_type": "private_memory", "start_va": 272564748288, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272565796864, "type": "region", "version": 1 }, "end_va": 272566845439, "entry_point": 0, "filename": null, "id": "region_5131", "name": "private_0x0000003f76300000", "norm_filename": null, "region_type": "private_memory", "start_va": 272565796864, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272566845440, "type": "region", "version": 1 }, "end_va": 272567894015, "entry_point": 0, "filename": null, "id": "region_5132", "name": "private_0x0000003f76400000", "norm_filename": null, "region_type": "private_memory", "start_va": 272566845440, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272567894016, "type": "region", "version": 1 }, "end_va": 272568942591, "entry_point": 0, "filename": null, "id": "region_5133", "name": "private_0x0000003f76500000", "norm_filename": null, "region_type": "private_memory", "start_va": 272567894016, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272568942592, "type": "region", "version": 1 }, "end_va": 272569991167, "entry_point": 0, "filename": null, "id": "region_5134", "name": "private_0x0000003f76600000", "norm_filename": null, "region_type": "private_memory", "start_va": 272568942592, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272569991168, "type": "region", "version": 1 }, "end_va": 272571039743, "entry_point": 0, "filename": null, "id": "region_5135", "name": "private_0x0000003f76700000", "norm_filename": null, "region_type": "private_memory", "start_va": 272569991168, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272571039744, "type": "region", "version": 1 }, "end_va": 272572088319, "entry_point": 0, "filename": null, "id": "region_5136", "name": "private_0x0000003f76800000", "norm_filename": null, "region_type": "private_memory", "start_va": 272571039744, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272572088320, "type": "region", "version": 1 }, "end_va": 272573136895, "entry_point": 0, "filename": null, "id": "region_5137", "name": "private_0x0000003f76900000", "norm_filename": null, "region_type": "private_memory", "start_va": 272572088320, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272573136896, "type": "region", "version": 1 }, "end_va": 272574185471, "entry_point": 0, "filename": null, "id": "region_5138", "name": "private_0x0000003f76a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272573136896, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272574185472, "type": "region", "version": 1 }, "end_va": 272575234047, "entry_point": 0, "filename": null, "id": "region_5139", "name": "private_0x0000003f76b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272574185472, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272575234048, "type": "region", "version": 1 }, "end_va": 272576282623, "entry_point": 0, "filename": null, "id": "region_5140", "name": "private_0x0000003f76c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272575234048, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272576282624, "type": "region", "version": 1 }, "end_va": 272577331199, "entry_point": 0, "filename": null, "id": "region_5141", "name": "private_0x0000003f76d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272576282624, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272577331200, "type": "region", "version": 1 }, "end_va": 272578379775, "entry_point": 0, "filename": null, "id": "region_5142", "name": "private_0x0000003f76e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272577331200, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272578379776, "type": "region", "version": 1 }, "end_va": 272579428351, "entry_point": 0, "filename": null, "id": "region_5143", "name": "private_0x0000003f76f00000", "norm_filename": null, "region_type": "private_memory", "start_va": 272578379776, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272579428352, "type": "region", "version": 1 }, "end_va": 272580476927, "entry_point": 0, "filename": null, "id": "region_5144", "name": "private_0x0000003f77000000", "norm_filename": null, "region_type": "private_memory", "start_va": 272579428352, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272580476928, "type": "region", "version": 1 }, "end_va": 272581525503, "entry_point": 0, "filename": null, "id": "region_5145", "name": "private_0x0000003f77100000", "norm_filename": null, "region_type": "private_memory", "start_va": 272580476928, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 272581525504, "type": "region", "version": 1 }, "end_va": 272582049791, "entry_point": 0, "filename": null, "id": "region_5146", "name": "private_0x0000003f77200000", "norm_filename": null, "region_type": "private_memory", "start_va": 272581525504, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272582049792, "type": "region", "version": 1 }, "end_va": 272583098367, "entry_point": 0, "filename": null, "id": "region_5147", "name": "private_0x0000003f77280000", "norm_filename": null, "region_type": "private_memory", "start_va": 272582049792, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272583098368, "type": "region", "version": 1 }, "end_va": 272584146943, "entry_point": 0, "filename": null, "id": "region_5148", "name": "private_0x0000003f77380000", "norm_filename": null, "region_type": "private_memory", "start_va": 272583098368, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272584146944, "type": "region", "version": 1 }, "end_va": 272585195519, "entry_point": 0, "filename": null, "id": "region_5149", "name": "private_0x0000003f77480000", "norm_filename": null, "region_type": "private_memory", "start_va": 272584146944, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272585195520, "type": "region", "version": 1 }, "end_va": 272586244095, "entry_point": 0, "filename": null, "id": "region_5150", "name": "private_0x0000003f77580000", "norm_filename": null, "region_type": "private_memory", "start_va": 272585195520, "timestamp": "00:02:34.639", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 272586244096, "type": "region", "version": 1 }, "end_va": 272587292671, "entry_point": 0, "filename": null, "id": "region_5151", "name": "private_0x0000003f77680000", "norm_filename": null, "region_type": "private_memory", "start_va": 272586244096, "timestamp": "00:02:34.639", "type": "region", "version": 1 } ], "terminate_reason": "timeout", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding", "filename": "c:\\windows\\system32\\wbem\\wmiprvse.exe", "id": "proc_12", "image_name": "wmiprvse.exe", "monitor_reason": "rpc_server", "monitored_id": 12, "origin_monitor_id": 11, "ref_parent_process": { "ref_id": "proc_11", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5386", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 868288036864, "type": "region", "version": 1 }, "end_va": 868288102399, "entry_point": 0, "filename": null, "id": "region_5387", "name": "pagefile_0x000000ca2a000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868288036864, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 868288102400, "type": "region", "version": 1 }, "end_va": 868288131071, "entry_point": 0, "filename": null, "id": "region_5388", "name": "private_0x000000ca2a010000", "norm_filename": null, "region_type": "private_memory", "start_va": 868288102400, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 868288167936, "type": "region", "version": 1 }, "end_va": 868288249855, "entry_point": 0, "filename": null, "id": "region_5389", "name": "pagefile_0x000000ca2a020000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868288167936, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868288299008, "type": "region", "version": 1 }, "end_va": 868288823295, "entry_point": 0, "filename": null, "id": "region_5390", "name": "private_0x000000ca2a040000", "norm_filename": null, "region_type": "private_memory", "start_va": 868288299008, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 868288823296, "type": "region", "version": 1 }, "end_va": 868288839679, "entry_point": 0, "filename": null, "id": "region_5391", "name": "pagefile_0x000000ca2a0c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868288823296, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 868288888832, "type": "region", "version": 1 }, "end_va": 868288892927, "entry_point": 0, "filename": null, "id": "region_5392", "name": "pagefile_0x000000ca2a0d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868288888832, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 868288954368, "type": "region", "version": 1 }, "end_va": 868288962559, "entry_point": 0, "filename": null, "id": "region_5393", "name": "private_0x000000ca2a0e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 868288954368, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 868289019904, "type": "region", "version": 1 }, "end_va": 868289798143, "entry_point": 868289019904, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5394", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 868289019904, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868289806336, "type": "region", "version": 1 }, "end_va": 868290330623, "entry_point": 0, "filename": null, "id": "region_5395", "name": "private_0x000000ca2a1b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 868289806336, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 868290330624, "type": "region", "version": 1 }, "end_va": 868290359295, "entry_point": 0, "filename": null, "id": "region_5396", "name": "private_0x000000ca2a230000", "norm_filename": null, "region_type": "private_memory", "start_va": 868290330624, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 868290396160, "type": "region", "version": 1 }, "end_va": 868290400255, "entry_point": 0, "filename": null, "id": "region_5397", "name": "private_0x000000ca2a240000", "norm_filename": null, "region_type": "private_memory", "start_va": 868290396160, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 868290461696, "type": "region", "version": 1 }, "end_va": 868290465791, "entry_point": 0, "filename": null, "id": "region_5398", "name": "private_0x000000ca2a250000", "norm_filename": null, "region_type": "private_memory", "start_va": 868290461696, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 868290527232, "type": "region", "version": 1 }, "end_va": 868290547711, "entry_point": 868290527232, "filename": "\\Windows\\System32\\en-US\\user32.dll.mui", "id": "region_5399", "name": "user32.dll.mui", "norm_filename": "c:\\windows\\system32\\en-us\\user32.dll.mui", "region_type": "memory_mapped_file", "start_va": 868290527232, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 868290592768, "type": "region", "version": 1 }, "end_va": 868290596863, "entry_point": 0, "filename": null, "id": "region_5400", "name": "pagefile_0x000000ca2a270000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868290592768, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 868290658304, "type": "region", "version": 1 }, "end_va": 868290662399, "entry_point": 0, "filename": null, "id": "region_5401", "name": "pagefile_0x000000ca2a280000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868290658304, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 868290723840, "type": "region", "version": 1 }, "end_va": 868290727935, "entry_point": 0, "filename": null, "id": "region_5402", "name": "pagefile_0x000000ca2a290000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868290723840, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 12288, "start_va": 868290789376, "type": "region", "version": 1 }, "end_va": 868290801663, "entry_point": 868290789376, "filename": "\\Windows\\System32\\wmi.dll", "id": "region_5403", "name": "wmi.dll", "norm_filename": "c:\\windows\\system32\\wmi.dll", "region_type": "memory_mapped_file", "start_va": 868290789376, "timestamp": "00:02:35.213", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 12288, "start_va": 868290854912, "type": "region", "version": 1 }, "end_va": 868290867199, "entry_point": 868290854912, "filename": "\\Windows\\System32\\wbem\\en-US\\cimwin32.dll.mui", "id": "region_5404", "name": "cimwin32.dll.mui", "norm_filename": "c:\\windows\\system32\\wbem\\en-us\\cimwin32.dll.mui", "region_type": "memory_mapped_file", "start_va": 868290854912, "timestamp": "00:02:35.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 868290920448, "type": "region", "version": 1 }, "end_va": 868290928639, "entry_point": 0, "filename": null, "id": "region_5405", "name": "pagefile_0x000000ca2a2c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868290920448, "timestamp": "00:02:35.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 868291051520, "type": "region", "version": 1 }, "end_va": 868292100095, "entry_point": 0, "filename": null, "id": "region_5406", "name": "private_0x000000ca2a2e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 868291051520, "timestamp": "00:02:35.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868292100096, "type": "region", "version": 1 }, "end_va": 868292624383, "entry_point": 0, "filename": null, "id": "region_5407", "name": "private_0x000000ca2a3e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 868292100096, "timestamp": "00:02:35.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 868292820992, "type": "region", "version": 1 }, "end_va": 868292886527, "entry_point": 0, "filename": null, "id": "region_5408", "name": "private_0x000000ca2a490000", "norm_filename": null, "region_type": "private_memory", "start_va": 868292820992, "timestamp": "00:02:35.214", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 868292886528, "type": "region", "version": 1 }, "end_va": 868296257535, "entry_point": 868292886528, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5409", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 868292886528, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 868296294400, "type": "region", "version": 1 }, "end_va": 868297900031, "entry_point": 0, "filename": null, "id": "region_5410", "name": "pagefile_0x000000ca2a7e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868296294400, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 868297932800, "type": "region", "version": 1 }, "end_va": 868299509759, "entry_point": 0, "filename": null, "id": "region_5411", "name": "pagefile_0x000000ca2a970000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868297932800, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 786432, "start_va": 868299571200, "type": "region", "version": 1 }, "end_va": 868300357631, "entry_point": 0, "filename": null, "id": "region_5412", "name": "pagefile_0x000000ca2ab00000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 868299571200, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 868300357632, "type": "region", "version": 1 }, "end_va": 868301406207, "entry_point": 0, "filename": null, "id": "region_5413", "name": "private_0x000000ca2abc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 868300357632, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868301406208, "type": "region", "version": 1 }, "end_va": 868301930495, "entry_point": 0, "filename": null, "id": "region_5414", "name": "private_0x000000ca2acc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 868301406208, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868301930496, "type": "region", "version": 1 }, "end_va": 868302454783, "entry_point": 0, "filename": null, "id": "region_5415", "name": "private_0x000000ca2ad40000", "norm_filename": null, "region_type": "private_memory", "start_va": 868301930496, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868302454784, "type": "region", "version": 1 }, "end_va": 868302979071, "entry_point": 0, "filename": null, "id": "region_5416", "name": "private_0x000000ca2adc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 868302454784, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868302979072, "type": "region", "version": 1 }, "end_va": 868303503359, "entry_point": 0, "filename": null, "id": "region_5417", "name": "private_0x000000ca2ae40000", "norm_filename": null, "region_type": "private_memory", "start_va": 868302979072, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868303503360, "type": "region", "version": 1 }, "end_va": 868304027647, "entry_point": 0, "filename": null, "id": "region_5418", "name": "private_0x000000ca2aec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 868303503360, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868304027648, "type": "region", "version": 1 }, "end_va": 868304551935, "entry_point": 0, "filename": null, "id": "region_5419", "name": "private_0x000000ca2af40000", "norm_filename": null, "region_type": "private_memory", "start_va": 868304027648, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868304551936, "type": "region", "version": 1 }, "end_va": 868305076223, "entry_point": 0, "filename": null, "id": "region_5420", "name": "private_0x000000ca2afc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 868304551936, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 868305076224, "type": "region", "version": 1 }, "end_va": 868305600511, "entry_point": 0, "filename": null, "id": "region_5421", "name": "private_0x000000ca2b040000", "norm_filename": null, "region_type": "private_memory", "start_va": 868305076224, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138495508938752, "type": "region", "version": 1 }, "end_va": 140694532194303, "entry_point": 0, "filename": null, "id": "region_5422", "name": "pagefile_0x00007df5ff9d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138495508938752, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699225710592, "type": "region", "version": 1 }, "end_va": 140699225718783, "entry_point": 0, "filename": null, "id": "region_5423", "name": "private_0x00007ff7175e6000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699225710592, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699225718784, "type": "region", "version": 1 }, "end_va": 140699225726975, "entry_point": 0, "filename": null, "id": "region_5424", "name": "private_0x00007ff7175e8000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699225718784, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699225726976, "type": "region", "version": 1 }, "end_va": 140699225735167, "entry_point": 0, "filename": null, "id": "region_5425", "name": "private_0x00007ff7175ea000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699225726976, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699225735168, "type": "region", "version": 1 }, "end_va": 140699225743359, "entry_point": 0, "filename": null, "id": "region_5426", "name": "private_0x00007ff7175ec000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699225735168, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699225743360, "type": "region", "version": 1 }, "end_va": 140699225751551, "entry_point": 0, "filename": null, "id": "region_5427", "name": "private_0x00007ff7175ee000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699225743360, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140699225751552, "type": "region", "version": 1 }, "end_va": 140699226800127, "entry_point": 0, "filename": null, "id": "region_5428", "name": "pagefile_0x00007ff7175f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140699225751552, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140699226800128, "type": "region", "version": 1 }, "end_va": 140699226943487, "entry_point": 0, "filename": null, "id": "region_5429", "name": "pagefile_0x00007ff7176f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140699226800128, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699226943488, "type": "region", "version": 1 }, "end_va": 140699226951679, "entry_point": 0, "filename": null, "id": "region_5430", "name": "private_0x00007ff717713000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699226943488, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140699226951680, "type": "region", "version": 1 }, "end_va": 140699226955775, "entry_point": 0, "filename": null, "id": "region_5431", "name": "private_0x00007ff717715000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699226951680, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699226955776, "type": "region", "version": 1 }, "end_va": 140699226963967, "entry_point": 0, "filename": null, "id": "region_5432", "name": "private_0x00007ff717716000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699226955776, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699226963968, "type": "region", "version": 1 }, "end_va": 140699226972159, "entry_point": 0, "filename": null, "id": "region_5433", "name": "private_0x00007ff717718000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699226963968, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699226972160, "type": "region", "version": 1 }, "end_va": 140699226980351, "entry_point": 0, "filename": null, "id": "region_5434", "name": "private_0x00007ff71771a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699226972160, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699226980352, "type": "region", "version": 1 }, "end_va": 140699226988543, "entry_point": 0, "filename": null, "id": "region_5435", "name": "private_0x00007ff71771c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699226980352, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140699226988544, "type": "region", "version": 1 }, "end_va": 140699226996735, "entry_point": 0, "filename": null, "id": "region_5436", "name": "private_0x00007ff71771e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140699226988544, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 520192, "start_va": 140699231125504, "type": "region", "version": 1 }, "end_va": 140699231645695, "entry_point": 140699231125504, "filename": "\\Windows\\System32\\wbem\\WmiPrvSE.exe", "id": "region_5437", "name": "wmiprvse.exe", "norm_filename": "c:\\windows\\system32\\wbem\\wmiprvse.exe", "region_type": "memory_mapped_file", "start_va": 140699231125504, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 140711179386880, "type": "region", "version": 1 }, "end_va": 140711179706367, "entry_point": 140711179386880, "filename": "\\Windows\\System32\\framedynos.dll", "id": "region_5438", "name": "framedynos.dll", "norm_filename": "c:\\windows\\system32\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 140711179386880, "timestamp": "00:02:35.215", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1892352, "start_va": 140711179714560, "type": "region", "version": 1 }, "end_va": 140711181606911, "entry_point": 140711179714560, "filename": "\\Windows\\System32\\wbem\\cimwin32.dll", "id": "region_5439", "name": "cimwin32.dll", "norm_filename": "c:\\windows\\system32\\wbem\\cimwin32.dll", "region_type": "memory_mapped_file", "start_va": 140711179714560, "timestamp": "00:02:35.220", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 151552, "start_va": 140711186268160, "type": "region", "version": 1 }, "end_va": 140711186419711, "entry_point": 140711186268160, "filename": "\\Windows\\System32\\wbem\\wmiutils.dll", "id": "region_5440", "name": "wmiutils.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wmiutils.dll", "region_type": "memory_mapped_file", "start_va": 140711186268160, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 81920, "start_va": 140711186464768, "type": "region", "version": 1 }, "end_va": 140711186546687, "entry_point": 140711186464768, "filename": "\\Windows\\System32\\wbem\\wbemsvc.dll", "id": "region_5441", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 140711186464768, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1015808, "start_va": 140711186595840, "type": "region", "version": 1 }, "end_va": 140711187611647, "entry_point": 140711186595840, "filename": "\\Windows\\System32\\wbem\\fastprox.dll", "id": "region_5442", "name": "fastprox.dll", "norm_filename": "c:\\windows\\system32\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 140711186595840, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 140711192494080, "type": "region", "version": 1 }, "end_va": 140711192584191, "entry_point": 140711192494080, "filename": "\\Windows\\System32\\ncobjapi.dll", "id": "region_5443", "name": "ncobjapi.dll", "norm_filename": "c:\\windows\\system32\\ncobjapi.dll", "region_type": "memory_mapped_file", "start_va": 140711192494080, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 520192, "start_va": 140711215169536, "type": "region", "version": 1 }, "end_va": 140711215689727, "entry_point": 140711215169536, "filename": "\\Windows\\System32\\wbemcomn.dll", "id": "region_5444", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\system32\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 140711215169536, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140711260520448, "type": "region", "version": 1 }, "end_va": 140711260590079, "entry_point": 140711260520448, "filename": "\\Windows\\System32\\wbem\\wbemprox.dll", "id": "region_5445", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\system32\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 140711260520448, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 140711317340160, "type": "region", "version": 1 }, "end_va": 140711317409791, "entry_point": 140711317340160, "filename": "\\Windows\\System32\\wmiclnt.dll", "id": "region_5446", "name": "wmiclnt.dll", "norm_filename": "c:\\windows\\system32\\wmiclnt.dll", "region_type": "memory_mapped_file", "start_va": 140711317340160, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 208896, "start_va": 140711356530688, "type": "region", "version": 1 }, "end_va": 140711356739583, "entry_point": 140711356530688, "filename": "\\Windows\\System32\\rsaenh.dll", "id": "region_5447", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\system32\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 140711356530688, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 140711360397312, "type": "region", "version": 1 }, "end_va": 140711360491519, "entry_point": 140711360397312, "filename": "\\Windows\\System32\\cryptsp.dll", "id": "region_5448", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\system32\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 140711360397312, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 140711361904640, "type": "region", "version": 1 }, "end_va": 140711361949695, "entry_point": 140711361904640, "filename": "\\Windows\\System32\\cryptbase.dll", "id": "region_5449", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\system32\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 140711361904640, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 180224, "start_va": 140711363870720, "type": "region", "version": 1 }, "end_va": 140711364050943, "entry_point": 140711363870720, "filename": "\\Windows\\System32\\sspicli.dll", "id": "region_5450", "name": "sspicli.dll", "norm_filename": "c:\\windows\\system32\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 140711363870720, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 163840, "start_va": 140711365967872, "type": "region", "version": 1 }, "end_va": 140711366131711, "entry_point": 140711365967872, "filename": "\\Windows\\System32\\bcrypt.dll", "id": "region_5451", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\system32\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 140711365967872, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 438272, "start_va": 140711366164480, "type": "region", "version": 1 }, "end_va": 140711366602751, "entry_point": 140711366164480, "filename": "\\Windows\\System32\\bcryptprimitives.dll", "id": "region_5452", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\system32\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 140711366164480, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 303104, "start_va": 140711368065024, "type": "region", "version": 1 }, "end_va": 140711368368127, "entry_point": 140711368065024, "filename": "\\Windows\\System32\\powrprof.dll", "id": "region_5453", "name": "powrprof.dll", "norm_filename": "c:\\windows\\system32\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 140711368065024, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 140711368392704, "type": "region", "version": 1 }, "end_va": 140711368454143, "entry_point": 140711368392704, "filename": "\\Windows\\System32\\kernel.appcore.dll", "id": "region_5454", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\system32\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 140711368392704, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1953792, "start_va": 140711379206144, "type": "region", "version": 1 }, "end_va": 140711381159935, "entry_point": 140711379206144, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_5455", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140711379206144, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 140711381172224, "type": "region", "version": 1 }, "end_va": 140711381815295, "entry_point": 140711381172224, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_5456", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140711381172224, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1368064, "start_va": 140711381827584, "type": "region", "version": 1 }, "end_va": 140711383195647, "entry_point": 140711381827584, "filename": "\\Windows\\System32\\user32.dll", "id": "region_5457", "name": "user32.dll", "norm_filename": "c:\\windows\\system32\\user32.dll", "region_type": "memory_mapped_file", "start_va": 140711381827584, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2605056, "start_va": 140711385038848, "type": "region", "version": 1 }, "end_va": 140711387643903, "entry_point": 140711385038848, "filename": "\\Windows\\System32\\combase.dll", "id": "region_5458", "name": "combase.dll", "norm_filename": "c:\\windows\\system32\\combase.dll", "region_type": "memory_mapped_file", "start_va": 140711385038848, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 679936, "start_va": 140711387660288, "type": "region", "version": 1 }, "end_va": 140711388340223, "entry_point": 140711387660288, "filename": "\\Windows\\System32\\advapi32.dll", "id": "region_5459", "name": "advapi32.dll", "norm_filename": "c:\\windows\\system32\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 140711387660288, "timestamp": "00:02:35.222", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 675840, "start_va": 140711388381184, "type": "region", "version": 1 }, "end_va": 140711389057023, "entry_point": 140711388381184, "filename": "\\Windows\\System32\\clbcatq.dll", "id": "region_5460", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\system32\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 140711388381184, "timestamp": "00:02:35.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 140711393689600, "type": "region", "version": 1 }, "end_va": 140711394467839, "entry_point": 140711393689600, "filename": "\\Windows\\System32\\oleaut32.dll", "id": "region_5461", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\system32\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 140711393689600, "timestamp": "00:02:35.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 430080, "start_va": 140711394541568, "type": "region", "version": 1 }, "end_va": 140711394971647, "entry_point": 140711394541568, "filename": "\\Windows\\System32\\ws2_32.dll", "id": "region_5462", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\system32\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 140711394541568, "timestamp": "00:02:35.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1204224, "start_va": 140711417217024, "type": "region", "version": 1 }, "end_va": 140711418421247, "entry_point": 140711417217024, "filename": "\\Windows\\System32\\rpcrt4.dll", "id": "region_5463", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\system32\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 140711417217024, "timestamp": "00:02:35.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 372736, "start_va": 140711418593280, "type": "region", "version": 1 }, "end_va": 140711418966015, "entry_point": 140711418593280, "filename": "\\Windows\\System32\\sechost.dll", "id": "region_5464", "name": "sechost.dll", "norm_filename": "c:\\windows\\system32\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 140711418593280, "timestamp": "00:02:35.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 708608, "start_va": 140711418986496, "type": "region", "version": 1 }, "end_va": 140711419695103, "entry_point": 140711418986496, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_5465", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140711418986496, "timestamp": "00:02:35.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1593344, "start_va": 140711421607936, "type": "region", "version": 1 }, "end_va": 140711423201279, "entry_point": 140711421607936, "filename": "\\Windows\\System32\\gdi32.dll", "id": "region_5466", "name": "gdi32.dll", "norm_filename": "c:\\windows\\system32\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 140711421607936, "timestamp": "00:02:35.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 140711423639552, "type": "region", "version": 1 }, "end_va": 140711423672319, "entry_point": 140711423639552, "filename": "\\Windows\\System32\\nsi.dll", "id": "region_5467", "name": "nsi.dll", "norm_filename": "c:\\windows\\system32\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 140711423639552, "timestamp": "00:02:35.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5468", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:02:35.223", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 126976, "start_va": 140711357513728, "type": "region", "version": 1 }, "end_va": 140711357640703, "entry_point": 140711357513728, "filename": "\\Windows\\System32\\userenv.dll", "id": "region_5469", "name": "userenv.dll", "norm_filename": "c:\\windows\\system32\\userenv.dll", "region_type": "memory_mapped_file", "start_va": 140711357513728, "timestamp": "00:02:35.243", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 140711367933952, "type": "region", "version": 1 }, "end_va": 140711368011775, "entry_point": 140711367933952, "filename": "\\Windows\\System32\\profapi.dll", "id": "region_5470", "name": "profapi.dll", "norm_filename": "c:\\windows\\system32\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 140711367933952, "timestamp": "00:02:35.243", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "cmd /c start C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\tubcvd.exe", "filename": "c:\\windows\\system32\\cmd.exe", "id": "proc_13", "image_name": "cmd.exe", "monitor_reason": "child_process", "monitored_id": 13, "origin_monitor_id": 12, "ref_parent_process": { "ref_id": "proc_12", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5471", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 826799554560, "type": "region", "version": 1 }, "end_va": 826799685631, "entry_point": 0, "filename": null, "id": "region_5472", "name": "private_0x000000c081180000", "norm_filename": null, "region_type": "private_memory", "start_va": 826799554560, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 826799685632, "type": "region", "version": 1 }, "end_va": 826799767551, "entry_point": 0, "filename": null, "id": "region_5473", "name": "pagefile_0x000000c0811a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 826799685632, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 826799816704, "type": "region", "version": 1 }, "end_va": 826800865279, "entry_point": 0, "filename": null, "id": "region_5474", "name": "private_0x000000c0811c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 826799816704, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 826800865280, "type": "region", "version": 1 }, "end_va": 826800881663, "entry_point": 0, "filename": null, "id": "region_5475", "name": "pagefile_0x000000c0812c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 826800865280, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 826800930816, "type": "region", "version": 1 }, "end_va": 826800934911, "entry_point": 0, "filename": null, "id": "region_5476", "name": "pagefile_0x000000c0812d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 826800930816, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 826800996352, "type": "region", "version": 1 }, "end_va": 826801004543, "entry_point": 0, "filename": null, "id": "region_5477", "name": "private_0x000000c0812e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 826800996352, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138495503368192, "type": "region", "version": 1 }, "end_va": 140694526623743, "entry_point": 0, "filename": null, "id": "region_5478", "name": "pagefile_0x00007df5ff480000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138495503368192, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 140696063377408, "type": "region", "version": 1 }, "end_va": 140696063520767, "entry_point": 0, "filename": null, "id": "region_5479", "name": "pagefile_0x00007ff65ae10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140696063377408, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696063557632, "type": "region", "version": 1 }, "end_va": 140696063565823, "entry_point": 0, "filename": null, "id": "region_5480", "name": "private_0x00007ff65ae3c000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696063557632, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 140696063565824, "type": "region", "version": 1 }, "end_va": 140696063569919, "entry_point": 0, "filename": null, "id": "region_5481", "name": "private_0x00007ff65ae3e000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696063565824, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 140696079892480, "type": "region", "version": 1 }, "end_va": 140696080257023, "entry_point": 140696079892480, "filename": "\\Windows\\System32\\cmd.exe", "id": "region_5482", "name": "cmd.exe", "norm_filename": "c:\\windows\\system32\\cmd.exe", "region_type": "memory_mapped_file", "start_va": 140696079892480, "timestamp": "00:02:35.255", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5483", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:02:35.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 826802700288, "type": "region", "version": 1 }, "end_va": 826803748863, "entry_point": 0, "filename": null, "id": "region_5484", "name": "private_0x000000c081480000", "norm_filename": null, "region_type": "private_memory", "start_va": 826802700288, "timestamp": "00:02:35.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1953792, "start_va": 140711379206144, "type": "region", "version": 1 }, "end_va": 140711381159935, "entry_point": 140711379206144, "filename": "\\Windows\\System32\\KernelBase.dll", "id": "region_5485", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\system32\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 140711379206144, "timestamp": "00:02:35.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 708608, "start_va": 140711418986496, "type": "region", "version": 1 }, "end_va": 140711419695103, "entry_point": 140711418986496, "filename": "\\Windows\\System32\\kernel32.dll", "id": "region_5486", "name": "kernel32.dll", "norm_filename": "c:\\windows\\system32\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 140711418986496, "timestamp": "00:02:35.409", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 826799554560, "type": "region", "version": 1 }, "end_va": 826799620095, "entry_point": 0, "filename": null, "id": "region_5559", "name": "pagefile_0x000000c081180000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 826799554560, "timestamp": "00:02:35.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 826799620096, "type": "region", "version": 1 }, "end_va": 826799648767, "entry_point": 0, "filename": null, "id": "region_5560", "name": "private_0x000000c081190000", "norm_filename": null, "region_type": "private_memory", "start_va": 826799620096, "timestamp": "00:02:35.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 826801061888, "type": "region", "version": 1 }, "end_va": 826801840127, "entry_point": 826801061888, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5561", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 826801061888, "timestamp": "00:02:35.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 826803748864, "type": "region", "version": 1 }, "end_va": 826804797439, "entry_point": 0, "filename": null, "id": "region_5562", "name": "private_0x000000c081580000", "norm_filename": null, "region_type": "private_memory", "start_va": 826803748864, "timestamp": "00:02:35.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 826806566912, "type": "region", "version": 1 }, "end_va": 826806632447, "entry_point": 0, "filename": null, "id": "region_5563", "name": "private_0x000000c081830000", "norm_filename": null, "region_type": "private_memory", "start_va": 826806566912, "timestamp": "00:02:35.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 140696062328832, "type": "region", "version": 1 }, "end_va": 140696063377407, "entry_point": 0, "filename": null, "id": "region_5564", "name": "pagefile_0x00007ff65ad10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 140696062328832, "timestamp": "00:02:35.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 140696063549440, "type": "region", "version": 1 }, "end_va": 140696063557631, "entry_point": 0, "filename": null, "id": "region_5565", "name": "private_0x00007ff65ae3a000", "norm_filename": null, "region_type": "private_memory", "start_va": 140696063549440, "timestamp": "00:02:35.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 643072, "start_va": 140711381172224, "type": "region", "version": 1 }, "end_va": 140711381815295, "entry_point": 140711381172224, "filename": "\\Windows\\System32\\msvcrt.dll", "id": "region_5566", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\system32\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 140711381172224, "timestamp": "00:02:35.659", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 28672, "start_va": 826801848320, "type": "region", "version": 1 }, "end_va": 826801876991, "entry_point": 0, "filename": null, "id": "region_5567", "name": "private_0x000000c0813b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 826801848320, "timestamp": "00:02:35.666", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\tubcvd.exe ", "filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\tubcvd.exe", "id": "proc_15", "image_name": "tubcvd.exe", "monitor_reason": "child_process", "monitored_id": 15, "origin_monitor_id": 13, "ref_parent_process": { "ref_id": "proc_13", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 196607, "entry_point": 0, "filename": null, "id": "region_5568", "name": "private_0x0000000000010000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 204799, "entry_point": 0, "filename": null, "id": "region_5569", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 262144, "type": "region", "version": 1 }, "end_va": 344063, "entry_point": 0, "filename": null, "id": "region_5570", "name": "pagefile_0x0000000000040000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 262144, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 393216, "type": "region", "version": 1 }, "end_va": 655359, "entry_point": 0, "filename": null, "id": "region_5571", "name": "private_0x0000000000060000", "norm_filename": null, "region_type": "private_memory", "start_va": 393216, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 655360, "type": "region", "version": 1 }, "end_va": 1703935, "entry_point": 0, "filename": null, "id": "region_5572", "name": "private_0x00000000000a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 655360, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 1703936, "type": "region", "version": 1 }, "end_va": 1720319, "entry_point": 0, "filename": null, "id": "region_5573", "name": "pagefile_0x00000000001a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1703936, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 1769472, "type": "region", "version": 1 }, "end_va": 1773567, "entry_point": 0, "filename": null, "id": "region_5574", "name": "pagefile_0x00000000001b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 1769472, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 1835008, "type": "region", "version": 1 }, "end_va": 1843199, "entry_point": 0, "filename": null, "id": "region_5575", "name": "private_0x00000000001c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1835008, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 159744, "start_va": 4194304, "type": "region", "version": 1 }, "end_va": 4354047, "entry_point": 4194304, "filename": "\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\tubcvd.exe", "id": "region_5576", "name": "tubcvd.exe", "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\tubcvd.exe", "region_type": "memory_mapped_file", "start_va": 4194304, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002620415, "entry_point": 2001076224, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_5577", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2147155968, "type": "region", "version": 1 }, "end_va": 2147299327, "entry_point": 0, "filename": null, "id": "region_5578", "name": "pagefile_0x000000007ffb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2147155968, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147332096, "type": "region", "version": 1 }, "end_va": 2147344383, "entry_point": 0, "filename": null, "id": "region_5579", "name": "private_0x000000007ffdb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147332096, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147344384, "type": "region", "version": 1 }, "end_va": 2147348479, "entry_point": 0, "filename": null, "id": "region_5580", "name": "private_0x000000007ffde000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147344384, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2147348480, "type": "region", "version": 1 }, "end_va": 2147352575, "entry_point": 0, "filename": null, "id": "region_5581", "name": "private_0x000000007ffdf000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147348480, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5582", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 140709276942336, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 140711424360447, "entry_point": 0, "filename": null, "id": "region_5583", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5584", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26062086144, "start_va": 140711426203648, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_5585", "name": "private_0x00007ff9ee932000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711426203648, "timestamp": "00:02:35.683", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2621440, "type": "region", "version": 1 }, "end_va": 2686975, "entry_point": 0, "filename": null, "id": "region_5586", "name": "private_0x0000000000280000", "norm_filename": null, "region_type": "private_memory", "start_va": 2621440, "timestamp": "00:02:35.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942814720, "type": "region", "version": 1 }, "end_va": 1943138303, "entry_point": 1942814720, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_5587", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942814720, "timestamp": "00:02:35.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1943207936, "type": "region", "version": 1 }, "end_va": 1943678975, "entry_point": 1943207936, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_5588", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1943207936, "timestamp": "00:02:35.765", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 5701632, "type": "region", "version": 1 }, "end_va": 6750207, "entry_point": 0, "filename": null, "id": "region_5589", "name": "private_0x0000000000570000", "norm_filename": null, "region_type": "private_memory", "start_va": 5701632, "timestamp": "00:02:35.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943142400, "type": "region", "version": 1 }, "end_va": 1943175167, "entry_point": 1943142400, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_5590", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943142400, "timestamp": "00:02:35.770", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 65536, "type": "region", "version": 1 }, "end_va": 131071, "entry_point": 0, "filename": null, "id": "region_5591", "name": "pagefile_0x0000000000010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 65536, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 131072, "type": "region", "version": 1 }, "end_va": 147455, "entry_point": 0, "filename": null, "id": "region_5592", "name": "private_0x0000000000020000", "norm_filename": null, "region_type": "private_memory", "start_va": 131072, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 196608, "type": "region", "version": 1 }, "end_va": 200703, "entry_point": 0, "filename": null, "id": "region_5593", "name": "private_0x0000000000030000", "norm_filename": null, "region_type": "private_memory", "start_va": 196608, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 1900544, "type": "region", "version": 1 }, "end_va": 2162687, "entry_point": 0, "filename": null, "id": "region_5594", "name": "private_0x00000000001d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 1900544, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2162688, "type": "region", "version": 1 }, "end_va": 2166783, "entry_point": 0, "filename": null, "id": "region_5595", "name": "private_0x0000000000210000", "norm_filename": null, "region_type": "private_memory", "start_va": 2162688, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 2686976, "type": "region", "version": 1 }, "end_va": 3465215, "entry_point": 2686976, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5596", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 2686976, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 4390912, "type": "region", "version": 1 }, "end_va": 5439487, "entry_point": 0, "filename": null, "id": "region_5597", "name": "private_0x0000000000430000", "norm_filename": null, "region_type": "private_memory", "start_va": 4390912, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 6750208, "type": "region", "version": 1 }, "end_va": 8355839, "entry_point": 0, "filename": null, "id": "region_5598", "name": "pagefile_0x0000000000670000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 6750208, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9306112, "type": "region", "version": 1 }, "end_va": 9371647, "entry_point": 0, "filename": null, "id": "region_5599", "name": "private_0x00000000008e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9306112, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 9371648, "type": "region", "version": 1 }, "end_va": 10948607, "entry_point": 0, "filename": null, "id": "region_5600", "name": "pagefile_0x00000000008f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 9371648, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 11010048, "type": "region", "version": 1 }, "end_va": 31981567, "entry_point": 0, "filename": null, "id": "region_5601", "name": "pagefile_0x0000000000a80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 11010048, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 24576, "start_va": 1951334400, "type": "region", "version": 1 }, "end_va": 1951358975, "entry_point": 1951334400, "filename": "\\Windows\\SysWOW64\\msimg32.dll", "id": "region_5602", "name": "msimg32.dll", "norm_filename": "c:\\windows\\syswow64\\msimg32.dll", "region_type": "memory_mapped_file", "start_va": 1951334400, "timestamp": "00:02:35.818", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951764479, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_5603", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951834111, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_5604", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1951981567, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_5605", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953652735, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_5606", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953968127, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_5607", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1955004415, "entry_point": 1954021376, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_5608", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1956511743, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_5609", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1959051263, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_5610", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959833599, "entry_point": 1959329792, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_5611", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970982911, "entry_point": 1969618944, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_5612", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_5613", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1998696447, "entry_point": 1998520320, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_5614", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_5615", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2146107392, "type": "region", "version": 1 }, "end_va": 2147155967, "entry_point": 0, "filename": null, "id": "region_5616", "name": "pagefile_0x000000007feb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2146107392, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147319808, "type": "region", "version": 1 }, "end_va": 2147332095, "entry_point": 0, "filename": null, "id": "region_5617", "name": "private_0x000000007ffd8000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147319808, "timestamp": "00:02:35.819", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 917504, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 9306111, "entry_point": 0, "filename": null, "id": "region_5618", "name": "private_0x0000000000800000", "norm_filename": null, "region_type": "private_memory", "start_va": 8388608, "timestamp": "00:02:35.821", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 73728, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2301951, "entry_point": 0, "filename": null, "id": "region_5619", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:02:36.725", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 20705280, "start_va": 1976107008, "type": "region", "version": 1 }, "end_va": 1996812287, "entry_point": 1976107008, "filename": "\\Windows\\SysWOW64\\shell32.dll", "id": "region_5620", "name": "shell32.dll", "norm_filename": "c:\\windows\\syswow64\\shell32.dll", "region_type": "memory_mapped_file", "start_va": 1976107008, "timestamp": "00:02:36.773", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 5099520, "start_va": 1970995200, "type": "region", "version": 1 }, "end_va": 1976094719, "entry_point": 1970995200, "filename": "\\Windows\\SysWOW64\\windows.storage.dll", "id": "region_5621", "name": "windows.storage.dll", "norm_filename": "c:\\windows\\syswow64\\windows.storage.dll", "region_type": "memory_mapped_file", "start_va": 1970995200, "timestamp": "00:02:36.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1958322175, "entry_point": 1956511744, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_5622", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:02:36.775", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1963982848, "type": "region", "version": 1 }, "end_va": 1964261375, "entry_point": 1963982848, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_5623", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963982848, "timestamp": "00:02:36.776", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1969602559, "entry_point": 1969553408, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_5624", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:02:36.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966002175, "entry_point": 1965424640, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_5625", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:02:36.777", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1961820160, "type": "region", "version": 1 }, "end_va": 1962098687, "entry_point": 1961820160, "filename": "\\Windows\\SysWOW64\\powrprof.dll", "id": "region_5626", "name": "powrprof.dll", "norm_filename": "c:\\windows\\syswow64\\powrprof.dll", "region_type": "memory_mapped_file", "start_va": 1961820160, "timestamp": "00:02:36.778", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 61440, "start_va": 1998782464, "type": "region", "version": 1 }, "end_va": 1998843903, "entry_point": 1998782464, "filename": "\\Windows\\SysWOW64\\profapi.dll", "id": "region_5627", "name": "profapi.dll", "norm_filename": "c:\\windows\\syswow64\\profapi.dll", "region_type": "memory_mapped_file", "start_va": 1998782464, "timestamp": "00:02:36.779", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1527808, "start_va": 1959854080, "type": "region", "version": 1 }, "end_va": 1961381887, "entry_point": 1959854080, "filename": "\\Windows\\SysWOW64\\crypt32.dll", "id": "region_5628", "name": "crypt32.dll", "norm_filename": "c:\\windows\\syswow64\\crypt32.dll", "region_type": "memory_mapped_file", "start_va": 1959854080, "timestamp": "00:02:36.784", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 57344, "start_va": 1964965888, "type": "region", "version": 1 }, "end_va": 1965023231, "entry_point": 1964965888, "filename": "\\Windows\\SysWOW64\\msasn1.dll", "id": "region_5629", "name": "msasn1.dll", "norm_filename": "c:\\windows\\syswow64\\msasn1.dll", "region_type": "memory_mapped_file", "start_va": 1964965888, "timestamp": "00:02:36.785", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2244608, "start_va": 1949040640, "type": "region", "version": 1 }, "end_va": 1951285247, "entry_point": 1949040640, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_5630", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1949040640, "timestamp": "00:02:36.792", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 782336, "start_va": 1948254208, "type": "region", "version": 1 }, "end_va": 1949036543, "entry_point": 1948254208, "filename": "\\Windows\\SysWOW64\\msvcr100.dll", "id": "region_5631", "name": "msvcr100.dll", "norm_filename": "c:\\windows\\syswow64\\msvcr100.dll", "region_type": "memory_mapped_file", "start_va": 1948254208, "timestamp": "00:02:36.796", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_5632", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:02:36.797", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_5633", "name": "private_0x0000000000220000", "norm_filename": null, "region_type": "private_memory", "start_va": 2228224, "timestamp": "00:02:37.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 2424832, "type": "region", "version": 1 }, "end_va": 2490367, "entry_point": 0, "filename": null, "id": "region_5634", "name": "private_0x0000000000250000", "norm_filename": null, "region_type": "private_memory", "start_va": 2424832, "timestamp": "00:02:37.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2297855, "entry_point": 0, "filename": null, "id": "region_5635", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:02:37.805", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 3473408, "type": "region", "version": 1 }, "end_va": 3735551, "entry_point": 0, "filename": null, "id": "region_5636", "name": "private_0x0000000000350000", "norm_filename": null, "region_type": "private_memory", "start_va": 3473408, "timestamp": "00:02:37.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 31981568, "type": "region", "version": 1 }, "end_va": 33030143, "entry_point": 0, "filename": null, "id": "region_5637", "name": "private_0x0000000001e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 31981568, "timestamp": "00:02:37.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2147307520, "type": "region", "version": 1 }, "end_va": 2147319807, "entry_point": 0, "filename": null, "id": "region_5638", "name": "private_0x000000007ffd5000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147307520, "timestamp": "00:02:37.806", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1945567232, "type": "region", "version": 1 }, "end_va": 1946046463, "entry_point": 1945567232, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_5639", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945567232, "timestamp": "00:02:37.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_5640", "name": "private_0x0000000000800000", "norm_filename": null, "region_type": "private_memory", "start_va": 8388608, "timestamp": "00:02:37.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 9240576, "type": "region", "version": 1 }, "end_va": 9306111, "entry_point": 0, "filename": null, "id": "region_5641", "name": "private_0x00000000008d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 9240576, "timestamp": "00:02:37.809", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2232319, "entry_point": 0, "filename": null, "id": "region_5642", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:02:37.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 753664, "start_va": 33030144, "type": "region", "version": 1 }, "end_va": 33783807, "entry_point": 0, "filename": null, "id": "region_5643", "name": "pagefile_0x0000000001f80000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 33030144, "timestamp": "00:02:37.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 2228224, "type": "region", "version": 1 }, "end_va": 2244607, "entry_point": 0, "filename": null, "id": "region_5644", "name": "pagefile_0x0000000000220000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2228224, "timestamp": "00:02:37.814", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1945436160, "type": "region", "version": 1 }, "end_va": 1945554943, "entry_point": 1945436160, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_5645", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1945436160, "timestamp": "00:02:37.816", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 2293760, "type": "region", "version": 1 }, "end_va": 2310143, "entry_point": 0, "filename": null, "id": "region_5646", "name": "private_0x0000000000230000", "norm_filename": null, "region_type": "private_memory", "start_va": 2293760, "timestamp": "00:02:37.817", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 24576, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2383871, "entry_point": 0, "filename": null, "id": "region_5647", "name": "pagefile_0x0000000000240000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2359296, "timestamp": "00:02:37.822", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 2490368, "type": "region", "version": 1 }, "end_va": 2494463, "entry_point": 0, "filename": null, "id": "region_5648", "name": "pagefile_0x0000000000260000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2490368, "timestamp": "00:02:37.825", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 524288, "start_va": 33816576, "type": "region", "version": 1 }, "end_va": 34340863, "entry_point": 0, "filename": null, "id": "region_5649", "name": "private_0x0000000002040000", "norm_filename": null, "region_type": "private_memory", "start_va": 33816576, "timestamp": "00:02:37.826", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 34340864, "type": "region", "version": 1 }, "end_va": 37711871, "entry_point": 34340864, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_5650", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 34340864, "timestamp": "00:02:37.827", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 4096, "start_va": 2359296, "type": "region", "version": 1 }, "end_va": 2363391, "entry_point": 0, "filename": null, "id": "region_5651", "name": "private_0x0000000000240000", "norm_filename": null, "region_type": "private_memory", "start_va": 2359296, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 5439488, "type": "region", "version": 1 }, "end_va": 5701631, "entry_point": 0, "filename": null, "id": "region_5652", "name": "private_0x0000000000530000", "norm_filename": null, "region_type": "private_memory", "start_va": 5439488, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8388608, "type": "region", "version": 1 }, "end_va": 8650751, "entry_point": 0, "filename": null, "id": "region_5653", "name": "private_0x0000000000800000", "norm_filename": null, "region_type": "private_memory", "start_va": 8388608, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 8847360, "type": "region", "version": 1 }, "end_va": 8912895, "entry_point": 0, "filename": null, "id": "region_5654", "name": "private_0x0000000000870000", "norm_filename": null, "region_type": "private_memory", "start_va": 8847360, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 8912896, "type": "region", "version": 1 }, "end_va": 9175039, "entry_point": 0, "filename": null, "id": "region_5655", "name": "private_0x0000000000880000", "norm_filename": null, "region_type": "private_memory", "start_va": 8912896, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 38797312, "type": "region", "version": 1 }, "end_va": 39845887, "entry_point": 0, "filename": null, "id": "region_5656", "name": "private_0x0000000002500000", "norm_filename": null, "region_type": "private_memory", "start_va": 38797312, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 39845888, "type": "region", "version": 1 }, "end_va": 40894463, "entry_point": 0, "filename": null, "id": "region_5657", "name": "private_0x0000000002600000", "norm_filename": null, "region_type": "private_memory", "start_va": 39845888, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 40894464, "type": "region", "version": 1 }, "end_va": 41943039, "entry_point": 0, "filename": null, "id": "region_5658", "name": "private_0x0000000002700000", "norm_filename": null, "region_type": "private_memory", "start_va": 40894464, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 41943040, "type": "region", "version": 1 }, "end_va": 42205183, "entry_point": 0, "filename": null, "id": "region_5659", "name": "private_0x0000000002800000", "norm_filename": null, "region_type": "private_memory", "start_va": 41943040, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 42205184, "type": "region", "version": 1 }, "end_va": 43253759, "entry_point": 0, "filename": null, "id": "region_5660", "name": "private_0x0000000002840000", "norm_filename": null, "region_type": "private_memory", "start_va": 42205184, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 43253760, "type": "region", "version": 1 }, "end_va": 43515903, "entry_point": 0, "filename": null, "id": "region_5661", "name": "private_0x0000000002940000", "norm_filename": null, "region_type": "private_memory", "start_va": 43253760, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 43515904, "type": "region", "version": 1 }, "end_va": 44564479, "entry_point": 0, "filename": null, "id": "region_5662", "name": "private_0x0000000002980000", "norm_filename": null, "region_type": "private_memory", "start_va": 43515904, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 44564480, "type": "region", "version": 1 }, "end_va": 44826623, "entry_point": 0, "filename": null, "id": "region_5663", "name": "private_0x0000000002a80000", "norm_filename": null, "region_type": "private_memory", "start_va": 44564480, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 44826624, "type": "region", "version": 1 }, "end_va": 45875199, "entry_point": 0, "filename": null, "id": "region_5664", "name": "private_0x0000000002ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 44826624, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 45875200, "type": "region", "version": 1 }, "end_va": 46137343, "entry_point": 0, "filename": null, "id": "region_5665", "name": "private_0x0000000002bc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 45875200, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 46137344, "type": "region", "version": 1 }, "end_va": 47185919, "entry_point": 0, "filename": null, "id": "region_5666", "name": "private_0x0000000002c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 46137344, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 47185920, "type": "region", "version": 1 }, "end_va": 47448063, "entry_point": 0, "filename": null, "id": "region_5667", "name": "private_0x0000000002d00000", "norm_filename": null, "region_type": "private_memory", "start_va": 47185920, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 47448064, "type": "region", "version": 1 }, "end_va": 48496639, "entry_point": 0, "filename": null, "id": "region_5668", "name": "private_0x0000000002d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 47448064, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 48496640, "type": "region", "version": 1 }, "end_va": 48758783, "entry_point": 0, "filename": null, "id": "region_5669", "name": "private_0x0000000002e40000", "norm_filename": null, "region_type": "private_memory", "start_va": 48496640, "timestamp": "00:02:37.887", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 48758784, "type": "region", "version": 1 }, "end_va": 49807359, "entry_point": 0, "filename": null, "id": "region_5670", "name": "private_0x0000000002e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 48758784, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 49807360, "type": "region", "version": 1 }, "end_va": 50069503, "entry_point": 0, "filename": null, "id": "region_5671", "name": "private_0x0000000002f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 49807360, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 50069504, "type": "region", "version": 1 }, "end_va": 51118079, "entry_point": 0, "filename": null, "id": "region_5672", "name": "private_0x0000000002fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 50069504, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 51118080, "type": "region", "version": 1 }, "end_va": 51380223, "entry_point": 0, "filename": null, "id": "region_5673", "name": "private_0x00000000030c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 51118080, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 51380224, "type": "region", "version": 1 }, "end_va": 52428799, "entry_point": 0, "filename": null, "id": "region_5674", "name": "private_0x0000000003100000", "norm_filename": null, "region_type": "private_memory", "start_va": 51380224, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 52428800, "type": "region", "version": 1 }, "end_va": 52690943, "entry_point": 0, "filename": null, "id": "region_5675", "name": "private_0x0000000003200000", "norm_filename": null, "region_type": "private_memory", "start_va": 52428800, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 52690944, "type": "region", "version": 1 }, "end_va": 53739519, "entry_point": 0, "filename": null, "id": "region_5676", "name": "private_0x0000000003240000", "norm_filename": null, "region_type": "private_memory", "start_va": 52690944, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 53739520, "type": "region", "version": 1 }, "end_va": 54001663, "entry_point": 0, "filename": null, "id": "region_5677", "name": "private_0x0000000003340000", "norm_filename": null, "region_type": "private_memory", "start_va": 53739520, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 54001664, "type": "region", "version": 1 }, "end_va": 55050239, "entry_point": 0, "filename": null, "id": "region_5678", "name": "private_0x0000000003380000", "norm_filename": null, "region_type": "private_memory", "start_va": 54001664, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 55050240, "type": "region", "version": 1 }, "end_va": 55312383, "entry_point": 0, "filename": null, "id": "region_5679", "name": "private_0x0000000003480000", "norm_filename": null, "region_type": "private_memory", "start_va": 55050240, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 55312384, "type": "region", "version": 1 }, "end_va": 56360959, "entry_point": 0, "filename": null, "id": "region_5680", "name": "private_0x00000000034c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 55312384, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 56360960, "type": "region", "version": 1 }, "end_va": 56623103, "entry_point": 0, "filename": null, "id": "region_5681", "name": "private_0x00000000035c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 56360960, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 56623104, "type": "region", "version": 1 }, "end_va": 57671679, "entry_point": 0, "filename": null, "id": "region_5682", "name": "private_0x0000000003600000", "norm_filename": null, "region_type": "private_memory", "start_va": 56623104, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 57671680, "type": "region", "version": 1 }, "end_va": 57933823, "entry_point": 0, "filename": null, "id": "region_5683", "name": "private_0x0000000003700000", "norm_filename": null, "region_type": "private_memory", "start_va": 57671680, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 57933824, "type": "region", "version": 1 }, "end_va": 58982399, "entry_point": 0, "filename": null, "id": "region_5684", "name": "private_0x0000000003740000", "norm_filename": null, "region_type": "private_memory", "start_va": 57933824, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 58982400, "type": "region", "version": 1 }, "end_va": 59244543, "entry_point": 0, "filename": null, "id": "region_5685", "name": "private_0x0000000003840000", "norm_filename": null, "region_type": "private_memory", "start_va": 58982400, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 59244544, "type": "region", "version": 1 }, "end_va": 60293119, "entry_point": 0, "filename": null, "id": "region_5686", "name": "private_0x0000000003880000", "norm_filename": null, "region_type": "private_memory", "start_va": 59244544, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 60293120, "type": "region", "version": 1 }, "end_va": 60555263, "entry_point": 0, "filename": null, "id": "region_5687", "name": "private_0x0000000003980000", "norm_filename": null, "region_type": "private_memory", "start_va": 60293120, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 60555264, "type": "region", "version": 1 }, "end_va": 61603839, "entry_point": 0, "filename": null, "id": "region_5688", "name": "private_0x00000000039c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 60555264, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 61603840, "type": "region", "version": 1 }, "end_va": 61865983, "entry_point": 0, "filename": null, "id": "region_5689", "name": "private_0x0000000003ac0000", "norm_filename": null, "region_type": "private_memory", "start_va": 61603840, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 61865984, "type": "region", "version": 1 }, "end_va": 62914559, "entry_point": 0, "filename": null, "id": "region_5690", "name": "private_0x0000000003b00000", "norm_filename": null, "region_type": "private_memory", "start_va": 61865984, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 62914560, "type": "region", "version": 1 }, "end_va": 63176703, "entry_point": 0, "filename": null, "id": "region_5691", "name": "private_0x0000000003c00000", "norm_filename": null, "region_type": "private_memory", "start_va": 62914560, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 63176704, "type": "region", "version": 1 }, "end_va": 64225279, "entry_point": 0, "filename": null, "id": "region_5692", "name": "private_0x0000000003c40000", "norm_filename": null, "region_type": "private_memory", "start_va": 63176704, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 64225280, "type": "region", "version": 1 }, "end_va": 64487423, "entry_point": 0, "filename": null, "id": "region_5693", "name": "private_0x0000000003d40000", "norm_filename": null, "region_type": "private_memory", "start_va": 64225280, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 64487424, "type": "region", "version": 1 }, "end_va": 65535999, "entry_point": 0, "filename": null, "id": "region_5694", "name": "private_0x0000000003d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 64487424, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 65536000, "type": "region", "version": 1 }, "end_va": 65798143, "entry_point": 0, "filename": null, "id": "region_5695", "name": "private_0x0000000003e80000", "norm_filename": null, "region_type": "private_memory", "start_va": 65536000, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 65798144, "type": "region", "version": 1 }, "end_va": 66846719, "entry_point": 0, "filename": null, "id": "region_5696", "name": "private_0x0000000003ec0000", "norm_filename": null, "region_type": "private_memory", "start_va": 65798144, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 66846720, "type": "region", "version": 1 }, "end_va": 67108863, "entry_point": 0, "filename": null, "id": "region_5697", "name": "private_0x0000000003fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 66846720, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 67108864, "type": "region", "version": 1 }, "end_va": 68157439, "entry_point": 0, "filename": null, "id": "region_5698", "name": "private_0x0000000004000000", "norm_filename": null, "region_type": "private_memory", "start_va": 67108864, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 68157440, "type": "region", "version": 1 }, "end_va": 68419583, "entry_point": 0, "filename": null, "id": "region_5699", "name": "private_0x0000000004100000", "norm_filename": null, "region_type": "private_memory", "start_va": 68157440, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 68419584, "type": "region", "version": 1 }, "end_va": 69468159, "entry_point": 0, "filename": null, "id": "region_5700", "name": "private_0x0000000004140000", "norm_filename": null, "region_type": "private_memory", "start_va": 68419584, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 69468160, "type": "region", "version": 1 }, "end_va": 69730303, "entry_point": 0, "filename": null, "id": "region_5701", "name": "private_0x0000000004240000", "norm_filename": null, "region_type": "private_memory", "start_va": 69468160, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 69730304, "type": "region", "version": 1 }, "end_va": 70778879, "entry_point": 0, "filename": null, "id": "region_5702", "name": "private_0x0000000004280000", "norm_filename": null, "region_type": "private_memory", "start_va": 69730304, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 70778880, "type": "region", "version": 1 }, "end_va": 71041023, "entry_point": 0, "filename": null, "id": "region_5703", "name": "private_0x0000000004380000", "norm_filename": null, "region_type": "private_memory", "start_va": 70778880, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 71041024, "type": "region", "version": 1 }, "end_va": 72089599, "entry_point": 0, "filename": null, "id": "region_5704", "name": "private_0x00000000043c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 71041024, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 72089600, "type": "region", "version": 1 }, "end_va": 72351743, "entry_point": 0, "filename": null, "id": "region_5705", "name": "private_0x00000000044c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72089600, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 72351744, "type": "region", "version": 1 }, "end_va": 73400319, "entry_point": 0, "filename": null, "id": "region_5706", "name": "private_0x0000000004500000", "norm_filename": null, "region_type": "private_memory", "start_va": 72351744, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 73400320, "type": "region", "version": 1 }, "end_va": 73662463, "entry_point": 0, "filename": null, "id": "region_5707", "name": "private_0x0000000004600000", "norm_filename": null, "region_type": "private_memory", "start_va": 73400320, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 73662464, "type": "region", "version": 1 }, "end_va": 74711039, "entry_point": 0, "filename": null, "id": "region_5708", "name": "private_0x0000000004640000", "norm_filename": null, "region_type": "private_memory", "start_va": 73662464, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 74711040, "type": "region", "version": 1 }, "end_va": 74973183, "entry_point": 0, "filename": null, "id": "region_5709", "name": "private_0x0000000004740000", "norm_filename": null, "region_type": "private_memory", "start_va": 74711040, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 74973184, "type": "region", "version": 1 }, "end_va": 76021759, "entry_point": 0, "filename": null, "id": "region_5710", "name": "private_0x0000000004780000", "norm_filename": null, "region_type": "private_memory", "start_va": 74973184, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 76021760, "type": "region", "version": 1 }, "end_va": 76283903, "entry_point": 0, "filename": null, "id": "region_5711", "name": "private_0x0000000004880000", "norm_filename": null, "region_type": "private_memory", "start_va": 76021760, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 76283904, "type": "region", "version": 1 }, "end_va": 77332479, "entry_point": 0, "filename": null, "id": "region_5712", "name": "private_0x00000000048c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 76283904, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 77332480, "type": "region", "version": 1 }, "end_va": 77594623, "entry_point": 0, "filename": null, "id": "region_5713", "name": "private_0x00000000049c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 77332480, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 77594624, "type": "region", "version": 1 }, "end_va": 78643199, "entry_point": 0, "filename": null, "id": "region_5714", "name": "private_0x0000000004a00000", "norm_filename": null, "region_type": "private_memory", "start_va": 77594624, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2145714176, "type": "region", "version": 1 }, "end_va": 2145726463, "entry_point": 0, "filename": null, "id": "region_5715", "name": "private_0x000000007fe50000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145714176, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2145726464, "type": "region", "version": 1 }, "end_va": 2145738751, "entry_point": 0, "filename": null, "id": "region_5716", "name": "private_0x000000007fe53000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145726464, "timestamp": "00:02:37.888", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2145738752, "type": "region", "version": 1 }, "end_va": 2145751039, "entry_point": 0, "filename": null, "id": "region_5717", "name": "private_0x000000007fe56000", "norm_filename": null, "region_type": "private_memory", "start_va": 2145738752, "timestamp": "00:02:37.888", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "nslookup gandcrab.bit a.dnspod.com", "filename": "c:\\windows\\syswow64\\nslookup.exe", "id": "proc_16", "image_name": "nslookup.exe", "monitor_reason": "child_process", "monitored_id": 16, "origin_monitor_id": 15, "ref_parent_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3145727, "entry_point": 0, "filename": null, "id": "region_5879", "name": "private_0x00000000002e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3014656, "timestamp": "00:02:43.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3153919, "entry_point": 0, "filename": null, "id": "region_5880", "name": "private_0x0000000000300000", "norm_filename": null, "region_type": "private_memory", "start_va": 3145728, "timestamp": "00:02:43.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3305471, "entry_point": 3211264, "filename": "\\Windows\\SysWOW64\\nslookup.exe", "id": "region_5881", "name": "nslookup.exe", "norm_filename": "c:\\windows\\syswow64\\nslookup.exe", "region_type": "memory_mapped_file", "start_va": 3211264, "timestamp": "00:02:43.829", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 3342336, "type": "region", "version": 1 }, "end_va": 70451199, "entry_point": 0, "filename": null, "id": "region_5882", "name": "pagefile_0x0000000000330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3342336, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 70451200, "type": "region", "version": 1 }, "end_va": 70533119, "entry_point": 0, "filename": null, "id": "region_5883", "name": "pagefile_0x0000000004330000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 70451200, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 70582272, "type": "region", "version": 1 }, "end_va": 70844415, "entry_point": 0, "filename": null, "id": "region_5884", "name": "private_0x0000000004350000", "norm_filename": null, "region_type": "private_memory", "start_va": 70582272, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 70844416, "type": "region", "version": 1 }, "end_va": 71106559, "entry_point": 0, "filename": null, "id": "region_5885", "name": "private_0x0000000004390000", "norm_filename": null, "region_type": "private_memory", "start_va": 70844416, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 71106560, "type": "region", "version": 1 }, "end_va": 71122943, "entry_point": 0, "filename": null, "id": "region_5886", "name": "pagefile_0x00000000043d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 71106560, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 71172096, "type": "region", "version": 1 }, "end_va": 71176191, "entry_point": 0, "filename": null, "id": "region_5887", "name": "pagefile_0x00000000043e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 71172096, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 71237632, "type": "region", "version": 1 }, "end_va": 71245823, "entry_point": 0, "filename": null, "id": "region_5888", "name": "private_0x00000000043f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 71237632, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002620415, "entry_point": 2001076224, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_5889", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2133721088, "type": "region", "version": 1 }, "end_va": 2133864447, "entry_point": 0, "filename": null, "id": "region_5890", "name": "pagefile_0x000000007f2e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2133721088, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2133884928, "type": "region", "version": 1 }, "end_va": 2133889023, "entry_point": 0, "filename": null, "id": "region_5891", "name": "private_0x000000007f308000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133884928, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2133889024, "type": "region", "version": 1 }, "end_va": 2133893119, "entry_point": 0, "filename": null, "id": "region_5892", "name": "private_0x000000007f309000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133889024, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2133905408, "type": "region", "version": 1 }, "end_va": 2133917695, "entry_point": 0, "filename": null, "id": "region_5893", "name": "private_0x000000007f30d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133905408, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_5894", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138510253686784, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138512401104895, "entry_point": 0, "filename": null, "id": "region_5895", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138512401104896, "type": "region", "version": 1 }, "end_va": 140711424360447, "entry_point": 0, "filename": null, "id": "region_5896", "name": "pagefile_0x00007df9ee770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138512401104896, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_5897", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26062086144, "start_va": 140711426203648, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_5898", "name": "private_0x00007ff9ee932000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711426203648, "timestamp": "00:02:43.831", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 72482816, "type": "region", "version": 1 }, "end_va": 72548351, "entry_point": 0, "filename": null, "id": "region_5899", "name": "private_0x0000000004520000", "norm_filename": null, "region_type": "private_memory", "start_va": 72482816, "timestamp": "00:02:43.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942814720, "type": "region", "version": 1 }, "end_va": 1943138303, "entry_point": 1942814720, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_5900", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942814720, "timestamp": "00:02:43.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1943207936, "type": "region", "version": 1 }, "end_va": 1943678975, "entry_point": 1943207936, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_5901", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1943207936, "timestamp": "00:02:43.838", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 73269248, "type": "region", "version": 1 }, "end_va": 74317823, "entry_point": 0, "filename": null, "id": "region_5902", "name": "private_0x00000000045e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73269248, "timestamp": "00:02:43.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943142400, "type": "region", "version": 1 }, "end_va": 1943175167, "entry_point": 1943142400, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_5903", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943142400, "timestamp": "00:02:43.847", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 3014656, "type": "region", "version": 1 }, "end_va": 3080191, "entry_point": 0, "filename": null, "id": "region_5944", "name": "pagefile_0x00000000002e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 3014656, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 3080192, "type": "region", "version": 1 }, "end_va": 3096575, "entry_point": 0, "filename": null, "id": "region_5945", "name": "private_0x00000000002f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 3080192, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 71303168, "type": "region", "version": 1 }, "end_va": 72081407, "entry_point": 71303168, "filename": "\\Windows\\System32\\locale.nls", "id": "region_5946", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 71303168, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 72089600, "type": "region", "version": 1 }, "end_va": 72351743, "entry_point": 0, "filename": null, "id": "region_5947", "name": "private_0x00000000044c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72089600, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 72548352, "type": "region", "version": 1 }, "end_va": 72810495, "entry_point": 0, "filename": null, "id": "region_5948", "name": "private_0x0000000004530000", "norm_filename": null, "region_type": "private_memory", "start_va": 72548352, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 75628544, "type": "region", "version": 1 }, "end_va": 75694079, "entry_point": 0, "filename": null, "id": "region_5949", "name": "private_0x0000000004820000", "norm_filename": null, "region_type": "private_memory", "start_va": 75628544, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1944387584, "type": "region", "version": 1 }, "end_va": 1944928255, "entry_point": 1944387584, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_5950", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1944387584, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1946615808, "type": "region", "version": 1 }, "end_va": 1946935295, "entry_point": 1946615808, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_5951", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1946615808, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951764479, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_5952", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951834111, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_5953", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1951981567, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_5954", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953652735, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_5955", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953968127, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_5956", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1955004415, "entry_point": 1954021376, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_5957", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1959051263, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_5958", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1962176511, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_5959", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968553983, "entry_point": 1968177152, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_5960", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_5961", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2132672512, "type": "region", "version": 1 }, "end_va": 2133721087, "entry_point": 0, "filename": null, "id": "region_5962", "name": "pagefile_0x000000007f1e0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2132672512, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2133893120, "type": "region", "version": 1 }, "end_va": 2133905407, "entry_point": 0, "filename": null, "id": "region_5963", "name": "private_0x000000007f30a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2133893120, "timestamp": "00:02:43.986", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1946091520, "type": "region", "version": 1 }, "end_va": 1946165247, "entry_point": 1946091520, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_5964", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1946091520, "timestamp": "00:02:43.995", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1944256512, "type": "region", "version": 1 }, "end_va": 1944346623, "entry_point": 1944256512, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_5965", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1944256512, "timestamp": "00:02:43.999", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1944125440, "type": "region", "version": 1 }, "end_va": 1944203263, "entry_point": 1944125440, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_5966", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1944125440, "timestamp": "00:02:44.001", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_5967", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:02:44.002", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970982911, "entry_point": 1969618944, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_5968", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:02:44.003", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 72810496, "type": "region", "version": 1 }, "end_va": 72982527, "entry_point": 72810496, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_5969", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 72810496, "timestamp": "00:02:44.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 75694080, "type": "region", "version": 1 }, "end_va": 77299711, "entry_point": 0, "filename": null, "id": "region_5970", "name": "pagefile_0x0000000004830000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 75694080, "timestamp": "00:02:44.005", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1998696447, "entry_point": 1998520320, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_5971", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:02:44.006", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1956511743, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_5972", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:02:44.007", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 3145728, "type": "region", "version": 1 }, "end_va": 3166207, "entry_point": 3145728, "filename": "\\Windows\\SysWOW64\\en-US\\nslookup.exe.mui", "id": "region_5973", "name": "nslookup.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\nslookup.exe.mui", "region_type": "memory_mapped_file", "start_va": 3145728, "timestamp": "00:02:44.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 77332480, "type": "region", "version": 1 }, "end_va": 78909439, "entry_point": 0, "filename": null, "id": "region_5974", "name": "pagefile_0x00000000049c0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 77332480, "timestamp": "00:02:44.009", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 78970880, "type": "region", "version": 1 }, "end_va": 99942399, "entry_point": 0, "filename": null, "id": "region_5975", "name": "pagefile_0x0000000004b50000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 78970880, "timestamp": "00:02:44.010", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72351744, "type": "region", "version": 1 }, "end_va": 72355839, "entry_point": 0, "filename": null, "id": "region_5976", "name": "private_0x0000000004500000", "norm_filename": null, "region_type": "private_memory", "start_va": 72351744, "timestamp": "00:02:44.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 72421375, "entry_point": 0, "filename": null, "id": "region_5977", "name": "private_0x0000000004510000", "norm_filename": null, "region_type": "private_memory", "start_va": 72417280, "timestamp": "00:02:44.012", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1944059904, "type": "region", "version": 1 }, "end_va": 1944104959, "entry_point": 1944059904, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_5978", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1944059904, "timestamp": "00:02:44.013", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946222592, "type": "region", "version": 1 }, "end_va": 1946255359, "entry_point": 1946222592, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_5979", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1946222592, "timestamp": "00:02:44.016", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1947729920, "type": "region", "version": 1 }, "end_va": 1947926527, "entry_point": 1947729920, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_5980", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1947729920, "timestamp": "00:02:44.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1947664384, "type": "region", "version": 1 }, "end_va": 1947697151, "entry_point": 1947664384, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_5981", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1947664384, "timestamp": "00:02:44.018", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1946288128, "type": "region", "version": 1 }, "end_va": 1946574847, "entry_point": 1946288128, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_5982", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1946288128, "timestamp": "00:02:44.020", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1945174016, "type": "region", "version": 1 }, "end_va": 1945284607, "entry_point": 1945174016, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_5983", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1945174016, "timestamp": "00:02:44.021", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "nslookup gandcrab.bit a.dnspod.com", "filename": "c:\\windows\\syswow64\\nslookup.exe", "id": "proc_18", "image_name": "nslookup.exe", "monitor_reason": "child_process", "monitored_id": 18, "origin_monitor_id": 15, "ref_parent_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 94208, "start_va": 3211264, "type": "region", "version": 1 }, "end_va": 3305471, "entry_point": 3211264, "filename": "\\Windows\\SysWOW64\\nslookup.exe", "id": "region_15472", "name": "nslookup.exe", "norm_filename": "c:\\windows\\syswow64\\nslookup.exe", "region_type": "memory_mapped_file", "start_va": 3211264, "timestamp": "00:05:10.884", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 4325376, "type": "region", "version": 1 }, "end_va": 71434239, "entry_point": 0, "filename": null, "id": "region_15473", "name": "pagefile_0x0000000000420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 4325376, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 71434240, "type": "region", "version": 1 }, "end_va": 71565311, "entry_point": 0, "filename": null, "id": "region_15474", "name": "private_0x0000000004420000", "norm_filename": null, "region_type": "private_memory", "start_va": 71434240, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 71565312, "type": "region", "version": 1 }, "end_va": 71573503, "entry_point": 0, "filename": null, "id": "region_15475", "name": "private_0x0000000004440000", "norm_filename": null, "region_type": "private_memory", "start_va": 71565312, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 71630848, "type": "region", "version": 1 }, "end_va": 71712767, "entry_point": 0, "filename": null, "id": "region_15476", "name": "pagefile_0x0000000004450000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 71630848, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 71761920, "type": "region", "version": 1 }, "end_va": 72024063, "entry_point": 0, "filename": null, "id": "region_15477", "name": "private_0x0000000004470000", "norm_filename": null, "region_type": "private_memory", "start_va": 71761920, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 72024064, "type": "region", "version": 1 }, "end_va": 72286207, "entry_point": 0, "filename": null, "id": "region_15478", "name": "private_0x00000000044b0000", "norm_filename": null, "region_type": "private_memory", "start_va": 72024064, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 72286208, "type": "region", "version": 1 }, "end_va": 72302591, "entry_point": 0, "filename": null, "id": "region_15479", "name": "pagefile_0x00000000044f0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72286208, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 72351744, "type": "region", "version": 1 }, "end_va": 72355839, "entry_point": 0, "filename": null, "id": "region_15480", "name": "pagefile_0x0000000004500000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 72351744, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 72417280, "type": "region", "version": 1 }, "end_va": 72425471, "entry_point": 0, "filename": null, "id": "region_15481", "name": "private_0x0000000004510000", "norm_filename": null, "region_type": "private_memory", "start_va": 72417280, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002620415, "entry_point": 2001076224, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_15482", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2138701824, "type": "region", "version": 1 }, "end_va": 2138845183, "entry_point": 0, "filename": null, "id": "region_15483", "name": "pagefile_0x000000007f7a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2138701824, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2138869760, "type": "region", "version": 1 }, "end_va": 2138873855, "entry_point": 0, "filename": null, "id": "region_15484", "name": "private_0x000000007f7c9000", "norm_filename": null, "region_type": "private_memory", "start_va": 2138869760, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2138877952, "type": "region", "version": 1 }, "end_va": 2138890239, "entry_point": 0, "filename": null, "id": "region_15485", "name": "private_0x000000007f7cb000", "norm_filename": null, "region_type": "private_memory", "start_va": 2138877952, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2138890240, "type": "region", "version": 1 }, "end_va": 2138894335, "entry_point": 0, "filename": null, "id": "region_15486", "name": "private_0x000000007f7ce000", "norm_filename": null, "region_type": "private_memory", "start_va": 2138890240, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_15487", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138510253686784, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138512401104895, "entry_point": 0, "filename": null, "id": "region_15488", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138512401104896, "type": "region", "version": 1 }, "end_va": 140711424360447, "entry_point": 0, "filename": null, "id": "region_15489", "name": "pagefile_0x00007df9ee770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138512401104896, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_15490", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26062086144, "start_va": 140711426203648, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_15491", "name": "private_0x00007ff9ee932000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711426203648, "timestamp": "00:05:10.885", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 73334784, "type": "region", "version": 1 }, "end_va": 73400319, "entry_point": 0, "filename": null, "id": "region_15492", "name": "private_0x00000000045f0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73334784, "timestamp": "00:05:10.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942814720, "type": "region", "version": 1 }, "end_va": 1943138303, "entry_point": 1942814720, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_15493", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942814720, "timestamp": "00:05:10.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1943207936, "type": "region", "version": 1 }, "end_va": 1943678975, "entry_point": 1943207936, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_15494", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1943207936, "timestamp": "00:05:10.894", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 74842112, "type": "region", "version": 1 }, "end_va": 75890687, "entry_point": 0, "filename": null, "id": "region_15495", "name": "private_0x0000000004760000", "norm_filename": null, "region_type": "private_memory", "start_va": 74842112, "timestamp": "00:05:10.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943142400, "type": "region", "version": 1 }, "end_va": 1943175167, "entry_point": 1943142400, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_15496", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943142400, "timestamp": "00:05:10.902", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 71434240, "type": "region", "version": 1 }, "end_va": 71499775, "entry_point": 0, "filename": null, "id": "region_15537", "name": "pagefile_0x0000000004420000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 71434240, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 71499776, "type": "region", "version": 1 }, "end_va": 71516159, "entry_point": 0, "filename": null, "id": "region_15538", "name": "private_0x0000000004430000", "norm_filename": null, "region_type": "private_memory", "start_va": 71499776, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 72482816, "type": "region", "version": 1 }, "end_va": 73261055, "entry_point": 72482816, "filename": "\\Windows\\System32\\locale.nls", "id": "region_15539", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 72482816, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 73400320, "type": "region", "version": 1 }, "end_va": 73662463, "entry_point": 0, "filename": null, "id": "region_15540", "name": "private_0x0000000004600000", "norm_filename": null, "region_type": "private_memory", "start_va": 73400320, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 73662464, "type": "region", "version": 1 }, "end_va": 73924607, "entry_point": 0, "filename": null, "id": "region_15541", "name": "private_0x0000000004640000", "norm_filename": null, "region_type": "private_memory", "start_va": 73662464, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 77070336, "type": "region", "version": 1 }, "end_va": 77135871, "entry_point": 0, "filename": null, "id": "region_15542", "name": "private_0x0000000004980000", "norm_filename": null, "region_type": "private_memory", "start_va": 77070336, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 540672, "start_va": 1944387584, "type": "region", "version": 1 }, "end_va": 1944928255, "entry_point": 1944387584, "filename": "\\Windows\\SysWOW64\\dnsapi.dll", "id": "region_15543", "name": "dnsapi.dll", "norm_filename": "c:\\windows\\syswow64\\dnsapi.dll", "region_type": "memory_mapped_file", "start_va": 1944387584, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 319488, "start_va": 1946615808, "type": "region", "version": 1 }, "end_va": 1946935295, "entry_point": 1946615808, "filename": "\\Windows\\SysWOW64\\mswsock.dll", "id": "region_15544", "name": "mswsock.dll", "norm_filename": "c:\\windows\\syswow64\\mswsock.dll", "region_type": "memory_mapped_file", "start_va": 1946615808, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951764479, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_15545", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951834111, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_15546", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1951981567, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_15547", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953652735, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_15548", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953968127, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_15549", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1955004415, "entry_point": 1954021376, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_15550", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1959051263, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_15551", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1962176511, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_15552", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:05:11.055", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968553983, "entry_point": 1968177152, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_15553", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:05:11.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_15554", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:05:11.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2137653248, "type": "region", "version": 1 }, "end_va": 2138701823, "entry_point": 0, "filename": null, "id": "region_15555", "name": "pagefile_0x000000007f6a0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2137653248, "timestamp": "00:05:11.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2138857472, "type": "region", "version": 1 }, "end_va": 2138869759, "entry_point": 0, "filename": null, "id": "region_15556", "name": "private_0x000000007f7c6000", "norm_filename": null, "region_type": "private_memory", "start_va": 2138857472, "timestamp": "00:05:11.056", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 73728, "start_va": 1946091520, "type": "region", "version": 1 }, "end_va": 1946165247, "entry_point": 1946091520, "filename": "\\Windows\\SysWOW64\\NapiNSP.dll", "id": "region_15557", "name": "napinsp.dll", "norm_filename": "c:\\windows\\syswow64\\napinsp.dll", "region_type": "memory_mapped_file", "start_va": 1946091520, "timestamp": "00:05:11.065", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 90112, "start_va": 1943797760, "type": "region", "version": 1 }, "end_va": 1943887871, "entry_point": 1943797760, "filename": "\\Windows\\SysWOW64\\pnrpnsp.dll", "id": "region_15558", "name": "pnrpnsp.dll", "norm_filename": "c:\\windows\\syswow64\\pnrpnsp.dll", "region_type": "memory_mapped_file", "start_va": 1943797760, "timestamp": "00:05:11.069", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1942683648, "type": "region", "version": 1 }, "end_va": 1942761471, "entry_point": 1942683648, "filename": "\\Windows\\SysWOW64\\nlaapi.dll", "id": "region_15559", "name": "nlaapi.dll", "norm_filename": "c:\\windows\\syswow64\\nlaapi.dll", "region_type": "memory_mapped_file", "start_va": 1942683648, "timestamp": "00:05:11.071", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_15560", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:05:11.072", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970982911, "entry_point": 1969618944, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_15561", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:05:11.074", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 73924608, "type": "region", "version": 1 }, "end_va": 74096639, "entry_point": 73924608, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_15562", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 73924608, "timestamp": "00:05:11.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 77135872, "type": "region", "version": 1 }, "end_va": 78741503, "entry_point": 0, "filename": null, "id": "region_15563", "name": "pagefile_0x0000000004990000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 77135872, "timestamp": "00:05:11.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1998696447, "entry_point": 1998520320, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_15564", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:05:11.076", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1956511743, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_15565", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:05:11.077", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 71565312, "type": "region", "version": 1 }, "end_va": 71585791, "entry_point": 71565312, "filename": "\\Windows\\SysWOW64\\en-US\\nslookup.exe.mui", "id": "region_15566", "name": "nslookup.exe.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\nslookup.exe.mui", "region_type": "memory_mapped_file", "start_va": 71565312, "timestamp": "00:05:11.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 78774272, "type": "region", "version": 1 }, "end_va": 80351231, "entry_point": 0, "filename": null, "id": "region_15567", "name": "pagefile_0x0000000004b20000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 78774272, "timestamp": "00:05:11.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 80412672, "type": "region", "version": 1 }, "end_va": 101384191, "entry_point": 0, "filename": null, "id": "region_15568", "name": "pagefile_0x0000000004cb0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 80412672, "timestamp": "00:05:11.080", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 73269248, "type": "region", "version": 1 }, "end_va": 73273343, "entry_point": 0, "filename": null, "id": "region_15569", "name": "private_0x00000000045e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 73269248, "timestamp": "00:05:11.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 73924608, "type": "region", "version": 1 }, "end_va": 73928703, "entry_point": 0, "filename": null, "id": "region_15570", "name": "private_0x0000000004680000", "norm_filename": null, "region_type": "private_memory", "start_va": 73924608, "timestamp": "00:05:11.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 45056, "start_va": 1943732224, "type": "region", "version": 1 }, "end_va": 1943777279, "entry_point": 1943732224, "filename": "\\Windows\\SysWOW64\\winrnr.dll", "id": "region_15571", "name": "winrnr.dll", "norm_filename": "c:\\windows\\syswow64\\winrnr.dll", "region_type": "memory_mapped_file", "start_va": 1943732224, "timestamp": "00:05:11.083", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1946222592, "type": "region", "version": 1 }, "end_va": 1946255359, "entry_point": 1946222592, "filename": "\\Windows\\SysWOW64\\rasadhlp.dll", "id": "region_15572", "name": "rasadhlp.dll", "norm_filename": "c:\\windows\\syswow64\\rasadhlp.dll", "region_type": "memory_mapped_file", "start_va": 1946222592, "timestamp": "00:05:11.085", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1947729920, "type": "region", "version": 1 }, "end_va": 1947926527, "entry_point": 1947729920, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_15573", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1947729920, "timestamp": "00:05:11.087", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1947664384, "type": "region", "version": 1 }, "end_va": 1947697151, "entry_point": 1947664384, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_15574", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1947664384, "timestamp": "00:05:11.088", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 286720, "start_va": 1946288128, "type": "region", "version": 1 }, "end_va": 1946574847, "entry_point": 1946288128, "filename": "\\Windows\\SysWOW64\\FWPUCLNT.DLL", "id": "region_15575", "name": "fwpuclnt.dll", "norm_filename": "c:\\windows\\syswow64\\fwpuclnt.dll", "region_type": "memory_mapped_file", "start_va": 1946288128, "timestamp": "00:05:11.090", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1945174016, "type": "region", "version": 1 }, "end_va": 1945284607, "entry_point": 1945174016, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_15576", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1945174016, "timestamp": "00:05:11.091", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 }, { "cmd_line": "\"C:\\Windows\\system32\\wbem\\wmic.exe\" shadowcopy delete", "filename": "c:\\windows\\syswow64\\wbem\\wmic.exe", "id": "proc_20", "image_name": "wmic.exe", "monitor_reason": "child_process", "monitored_id": 20, "origin_monitor_id": 15, "ref_parent_process": { "ref_id": "proc_15", "ref_source": "summary", "ref_type": "monitored_process", "type": "reference", "version": 1 }, "regions": [ { "dump": { "filename": "", "flags": [ "untracked_file_region" ], "info": "No dump was created because mapped file is not tracked", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 409600, "start_va": 13107200, "type": "region", "version": 1 }, "end_va": 13516799, "entry_point": 13107200, "filename": "\\Windows\\SysWOW64\\wbem\\WMIC.exe", "id": "region_15605", "name": "wmic.exe", "norm_filename": "c:\\windows\\syswow64\\wbem\\wmic.exe", "region_type": "memory_mapped_file", "start_va": 13107200, "timestamp": "00:05:16.078", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "" ], "ref_process_dump": null, "size": 67108864, "start_va": 15925248, "type": "region", "version": 1 }, "end_va": 83034111, "entry_point": 0, "filename": null, "id": "region_15606", "name": "pagefile_0x0000000000f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 15925248, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 131072, "start_va": 83034112, "type": "region", "version": 1 }, "end_va": 83165183, "entry_point": 0, "filename": null, "id": "region_15607", "name": "private_0x0000000004f30000", "norm_filename": null, "region_type": "private_memory", "start_va": 83034112, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 83165184, "type": "region", "version": 1 }, "end_va": 83173375, "entry_point": 0, "filename": null, "id": "region_15608", "name": "private_0x0000000004f50000", "norm_filename": null, "region_type": "private_memory", "start_va": 83165184, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 81920, "start_va": 83230720, "type": "region", "version": 1 }, "end_va": 83312639, "entry_point": 0, "filename": null, "id": "region_15609", "name": "pagefile_0x0000000004f60000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83230720, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 83361792, "type": "region", "version": 1 }, "end_va": 83623935, "entry_point": 0, "filename": null, "id": "region_15610", "name": "private_0x0000000004f80000", "norm_filename": null, "region_type": "private_memory", "start_va": 83361792, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 83623936, "type": "region", "version": 1 }, "end_va": 83886079, "entry_point": 0, "filename": null, "id": "region_15611", "name": "private_0x0000000004fc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 83623936, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 83886080, "type": "region", "version": 1 }, "end_va": 83902463, "entry_point": 0, "filename": null, "id": "region_15612", "name": "pagefile_0x0000000005000000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83886080, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 83951616, "type": "region", "version": 1 }, "end_va": 83955711, "entry_point": 0, "filename": null, "id": "region_15613", "name": "pagefile_0x0000000005010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83951616, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 8192, "start_va": 84017152, "type": "region", "version": 1 }, "end_va": 84025343, "entry_point": 0, "filename": null, "id": "region_15614", "name": "private_0x0000000005020000", "norm_filename": null, "region_type": "private_memory", "start_va": 84017152, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1544192, "start_va": 2001076224, "type": "region", "version": 1 }, "end_va": 2002620415, "entry_point": 2001076224, "filename": "\\Windows\\SysWOW64\\ntdll.dll", "id": "region_15615", "name": "ntdll.dll", "norm_filename": "c:\\windows\\syswow64\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 2001076224, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 143360, "start_va": 2130771968, "type": "region", "version": 1 }, "end_va": 2130915327, "entry_point": 0, "filename": null, "id": "region_15616", "name": "pagefile_0x000000007f010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2130771968, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130923520, "type": "region", "version": 1 }, "end_va": 2130927615, "entry_point": 0, "filename": null, "id": "region_15617", "name": "private_0x000000007f035000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130923520, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 2130927616, "type": "region", "version": 1 }, "end_va": 2130931711, "entry_point": 0, "filename": null, "id": "region_15618", "name": "private_0x000000007f036000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130927616, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130956288, "type": "region", "version": 1 }, "end_va": 2130968575, "entry_point": 0, "filename": null, "id": "region_15619", "name": "private_0x000000007f03d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130956288, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 2147352576, "type": "region", "version": 1 }, "end_va": 2147418111, "entry_point": 0, "filename": null, "id": "region_15620", "name": "private_0x000000007ffe0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147352576, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 138510253686784, "start_va": 2147418112, "type": "region", "version": 1 }, "end_va": 138512401104895, "entry_point": 0, "filename": null, "id": "region_15621", "name": "private_0x000000007fff0000", "norm_filename": null, "region_type": "private_memory", "start_va": 2147418112, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "" ], "ref_process_dump": null, "size": 2199023255552, "start_va": 138512401104896, "type": "region", "version": 1 }, "end_va": 140711424360447, "entry_point": 0, "filename": null, "id": "region_15622", "name": "pagefile_0x00007df9ee770000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 138512401104896, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1843200, "start_va": 140711424360448, "type": "region", "version": 1 }, "end_va": 140711426203647, "entry_point": 140711424360448, "filename": "\\Windows\\System32\\ntdll.dll", "id": "region_15623", "name": "ntdll.dll", "norm_filename": "c:\\windows\\system32\\ntdll.dll", "region_type": "memory_mapped_file", "start_va": 140711424360448, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "ignored_region" ], "info": "No dump was created because this is an ignored region", "permissions": [ "readable" ], "ref_process_dump": null, "size": 26062086144, "start_va": 140711426203648, "type": "region", "version": 1 }, "end_va": 140737488289791, "entry_point": 0, "filename": null, "id": "region_15624", "name": "private_0x00007ff9ee932000", "norm_filename": null, "region_type": "private_memory", "start_va": 140711426203648, "timestamp": "00:05:16.079", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 85852160, "type": "region", "version": 1 }, "end_va": 85917695, "entry_point": 0, "filename": null, "id": "region_15626", "name": "private_0x00000000051e0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85852160, "timestamp": "00:05:16.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 323584, "start_va": 1942814720, "type": "region", "version": 1 }, "end_va": 1943138303, "entry_point": 1942814720, "filename": "\\Windows\\System32\\wow64.dll", "id": "region_15627", "name": "wow64.dll", "norm_filename": "c:\\windows\\system32\\wow64.dll", "region_type": "memory_mapped_file", "start_va": 1942814720, "timestamp": "00:05:16.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 471040, "start_va": 1943207936, "type": "region", "version": 1 }, "end_va": 1943678975, "entry_point": 1943207936, "filename": "\\Windows\\System32\\wow64win.dll", "id": "region_15628", "name": "wow64win.dll", "norm_filename": "c:\\windows\\system32\\wow64win.dll", "region_type": "memory_mapped_file", "start_va": 1943207936, "timestamp": "00:05:16.100", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 84410368, "type": "region", "version": 1 }, "end_va": 85458943, "entry_point": 0, "filename": null, "id": "region_15629", "name": "private_0x0000000005080000", "norm_filename": null, "region_type": "private_memory", "start_va": 84410368, "timestamp": "00:05:16.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1943142400, "type": "region", "version": 1 }, "end_va": 1943175167, "entry_point": 1943142400, "filename": "\\Windows\\System32\\wow64cpu.dll", "id": "region_15630", "name": "wow64cpu.dll", "norm_filename": "c:\\windows\\system32\\wow64cpu.dll", "region_type": "memory_mapped_file", "start_va": 1943142400, "timestamp": "00:05:16.108", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 83034112, "type": "region", "version": 1 }, "end_va": 83099647, "entry_point": 0, "filename": null, "id": "region_15675", "name": "pagefile_0x0000000004f30000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 83034112, "timestamp": "00:05:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 83099648, "type": "region", "version": 1 }, "end_va": 83116031, "entry_point": 0, "filename": null, "id": "region_15676", "name": "private_0x0000000004f40000", "norm_filename": null, "region_type": "private_memory", "start_va": 83099648, "timestamp": "00:05:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 84082688, "type": "region", "version": 1 }, "end_va": 84344831, "entry_point": 0, "filename": null, "id": "region_15677", "name": "private_0x0000000005030000", "norm_filename": null, "region_type": "private_memory", "start_va": 84082688, "timestamp": "00:05:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 85458944, "type": "region", "version": 1 }, "end_va": 85721087, "entry_point": 0, "filename": null, "id": "region_15678", "name": "private_0x0000000005180000", "norm_filename": null, "region_type": "private_memory", "start_va": 85458944, "timestamp": "00:05:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 778240, "start_va": 85917696, "type": "region", "version": 1 }, "end_va": 86695935, "entry_point": 85917696, "filename": "\\Windows\\System32\\locale.nls", "id": "region_15679", "name": "locale.nls", "norm_filename": "c:\\windows\\system32\\locale.nls", "region_type": "memory_mapped_file", "start_va": 85917696, "timestamp": "00:05:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 88604672, "type": "region", "version": 1 }, "end_va": 88670207, "entry_point": 0, "filename": null, "id": "region_15680", "name": "private_0x0000000005480000", "norm_filename": null, "region_type": "private_memory", "start_va": 88604672, "timestamp": "00:05:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 258048, "start_va": 1944125440, "type": "region", "version": 1 }, "end_va": 1944383487, "entry_point": 1944125440, "filename": "\\Windows\\SysWOW64\\framedynos.dll", "id": "region_15681", "name": "framedynos.dll", "norm_filename": "c:\\windows\\syswow64\\framedynos.dll", "region_type": "memory_mapped_file", "start_va": 1944125440, "timestamp": "00:05:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 32768, "start_va": 1947664384, "type": "region", "version": 1 }, "end_va": 1947697151, "entry_point": 1947664384, "filename": "\\Windows\\SysWOW64\\winnsi.dll", "id": "region_15682", "name": "winnsi.dll", "norm_filename": "c:\\windows\\syswow64\\winnsi.dll", "region_type": "memory_mapped_file", "start_va": 1947664384, "timestamp": "00:05:16.332", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 196608, "start_va": 1947729920, "type": "region", "version": 1 }, "end_va": 1947926527, "entry_point": 1947729920, "filename": "\\Windows\\SysWOW64\\IPHLPAPI.DLL", "id": "region_15683", "name": "iphlpapi.dll", "norm_filename": "c:\\windows\\syswow64\\iphlpapi.dll", "region_type": "memory_mapped_file", "start_va": 1947729920, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 364544, "start_va": 1951399936, "type": "region", "version": 1 }, "end_va": 1951764479, "entry_point": 1951399936, "filename": "\\Windows\\SysWOW64\\bcryptprimitives.dll", "id": "region_15684", "name": "bcryptprimitives.dll", "norm_filename": "c:\\windows\\syswow64\\bcryptprimitives.dll", "region_type": "memory_mapped_file", "start_va": 1951399936, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 40960, "start_va": 1951793152, "type": "region", "version": 1 }, "end_va": 1951834111, "entry_point": 1951793152, "filename": "\\Windows\\SysWOW64\\cryptbase.dll", "id": "region_15685", "name": "cryptbase.dll", "norm_filename": "c:\\windows\\syswow64\\cryptbase.dll", "region_type": "memory_mapped_file", "start_va": 1951793152, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1951858688, "type": "region", "version": 1 }, "end_va": 1951981567, "entry_point": 1951858688, "filename": "\\Windows\\SysWOW64\\sspicli.dll", "id": "region_15686", "name": "sspicli.dll", "norm_filename": "c:\\windows\\syswow64\\sspicli.dll", "region_type": "memory_mapped_file", "start_va": 1951858688, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1531904, "start_va": 1952120832, "type": "region", "version": 1 }, "end_va": 1953652735, "entry_point": 1952120832, "filename": "\\Windows\\SysWOW64\\KernelBase.dll", "id": "region_15687", "name": "kernelbase.dll", "norm_filename": "c:\\windows\\syswow64\\kernelbase.dll", "region_type": "memory_mapped_file", "start_va": 1952120832, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 274432, "start_va": 1953693696, "type": "region", "version": 1 }, "end_va": 1953968127, "entry_point": 1953693696, "filename": "\\Windows\\SysWOW64\\sechost.dll", "id": "region_15688", "name": "sechost.dll", "norm_filename": "c:\\windows\\syswow64\\sechost.dll", "region_type": "memory_mapped_file", "start_va": 1953693696, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 983040, "start_va": 1954021376, "type": "region", "version": 1 }, "end_va": 1955004415, "entry_point": 1954021376, "filename": "\\Windows\\SysWOW64\\kernel32.dll", "id": "region_15689", "name": "kernel32.dll", "norm_filename": "c:\\windows\\syswow64\\kernel32.dll", "region_type": "memory_mapped_file", "start_va": 1954021376, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1810432, "start_va": 1956511744, "type": "region", "version": 1 }, "end_va": 1958322175, "entry_point": 1956511744, "filename": "\\Windows\\SysWOW64\\combase.dll", "id": "region_15690", "name": "combase.dll", "norm_filename": "c:\\windows\\syswow64\\combase.dll", "region_type": "memory_mapped_file", "start_va": 1956511744, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 704512, "start_va": 1958346752, "type": "region", "version": 1 }, "end_va": 1959051263, "entry_point": 1958346752, "filename": "\\Windows\\SysWOW64\\rpcrt4.dll", "id": "region_15691", "name": "rpcrt4.dll", "norm_filename": "c:\\windows\\syswow64\\rpcrt4.dll", "region_type": "memory_mapped_file", "start_va": 1958346752, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 28672, "start_va": 1962147840, "type": "region", "version": 1 }, "end_va": 1962176511, "entry_point": 1962147840, "filename": "\\Windows\\SysWOW64\\nsi.dll", "id": "region_15692", "name": "nsi.dll", "norm_filename": "c:\\windows\\syswow64\\nsi.dll", "region_type": "memory_mapped_file", "start_va": 1962147840, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 778240, "start_va": 2000289792, "type": "region", "version": 1 }, "end_va": 2001068031, "entry_point": 2000289792, "filename": "\\Windows\\SysWOW64\\msvcrt.dll", "id": "region_15693", "name": "msvcrt.dll", "norm_filename": "c:\\windows\\syswow64\\msvcrt.dll", "region_type": "memory_mapped_file", "start_va": 2000289792, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1048576, "start_va": 2129723392, "type": "region", "version": 1 }, "end_va": 2130771967, "entry_point": 0, "filename": null, "id": "region_15694", "name": "pagefile_0x000000007ef10000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 2129723392, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130944000, "type": "region", "version": 1 }, "end_va": 2130956287, "entry_point": 0, "filename": null, "id": "region_15695", "name": "private_0x000000007f03a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130944000, "timestamp": "00:05:16.333", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 49152, "start_va": 1969553408, "type": "region", "version": 1 }, "end_va": 1969602559, "entry_point": 1969553408, "filename": "\\Windows\\SysWOW64\\kernel.appcore.dll", "id": "region_15696", "name": "kernel.appcore.dll", "norm_filename": "c:\\windows\\syswow64\\kernel.appcore.dll", "region_type": "memory_mapped_file", "start_va": 1969553408, "timestamp": "00:05:16.336", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1310720, "start_va": 1996816384, "type": "region", "version": 1 }, "end_va": 1998127103, "entry_point": 1996816384, "filename": "\\Windows\\SysWOW64\\user32.dll", "id": "region_15697", "name": "user32.dll", "norm_filename": "c:\\windows\\syswow64\\user32.dll", "region_type": "memory_mapped_file", "start_va": 1996816384, "timestamp": "00:05:16.337", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1363968, "start_va": 1969618944, "type": "region", "version": 1 }, "end_va": 1970982911, "entry_point": 1969618944, "filename": "\\Windows\\SysWOW64\\gdi32.dll", "id": "region_15698", "name": "gdi32.dll", "norm_filename": "c:\\windows\\syswow64\\gdi32.dll", "region_type": "memory_mapped_file", "start_va": 1969618944, "timestamp": "00:05:16.339", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1605632, "start_va": 86704128, "type": "region", "version": 1 }, "end_va": 88309759, "entry_point": 0, "filename": null, "id": "region_15699", "name": "pagefile_0x00000000052b0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 86704128, "timestamp": "00:05:16.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 172032, "start_va": 88342528, "type": "region", "version": 1 }, "end_va": 88514559, "entry_point": 88342528, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_15700", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 88342528, "timestamp": "00:05:16.341", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 176128, "start_va": 1998520320, "type": "region", "version": 1 }, "end_va": 1998696447, "entry_point": 1998520320, "filename": "\\Windows\\SysWOW64\\imm32.dll", "id": "region_15701", "name": "imm32.dll", "norm_filename": "c:\\windows\\syswow64\\imm32.dll", "region_type": "memory_mapped_file", "start_va": 1998520320, "timestamp": "00:05:16.342", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1179648, "start_va": 1955332096, "type": "region", "version": 1 }, "end_va": 1956511743, "entry_point": 1955332096, "filename": "\\Windows\\SysWOW64\\msctf.dll", "id": "region_15702", "name": "msctf.dll", "norm_filename": "c:\\windows\\syswow64\\msctf.dll", "region_type": "memory_mapped_file", "start_va": 1955332096, "timestamp": "00:05:16.343", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 65536, "start_va": 83165184, "type": "region", "version": 1 }, "end_va": 83230719, "entry_point": 83165184, "filename": "\\Windows\\SysWOW64\\wbem\\en-US\\WMIC.exe.mui", "id": "region_15703", "name": "wmic.exe.mui", "norm_filename": "c:\\windows\\syswow64\\wbem\\en-us\\wmic.exe.mui", "region_type": "memory_mapped_file", "start_va": 83165184, "timestamp": "00:05:16.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 1576960, "start_va": 88670208, "type": "region", "version": 1 }, "end_va": 90247167, "entry_point": 0, "filename": null, "id": "region_15704", "name": "pagefile_0x0000000005490000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 88670208, "timestamp": "00:05:16.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "region_too_big" ], "info": "No dump was created because region size surpasses maximum region dump size of the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20971520, "start_va": 90308608, "type": "region", "version": 1 }, "end_va": 111280127, "entry_point": 0, "filename": null, "id": "region_15705", "name": "pagefile_0x0000000005620000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 90308608, "timestamp": "00:05:16.346", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 84344832, "type": "region", "version": 1 }, "end_va": 84348927, "entry_point": 0, "filename": null, "id": "region_15706", "name": "private_0x0000000005070000", "norm_filename": null, "region_type": "private_memory", "start_va": 84344832, "timestamp": "00:05:16.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4096, "start_va": 85721088, "type": "region", "version": 1 }, "end_va": 85725183, "entry_point": 0, "filename": null, "id": "region_15707", "name": "private_0x00000000051c0000", "norm_filename": null, "region_type": "private_memory", "start_va": 85721088, "timestamp": "00:05:16.349", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 85786624, "type": "region", "version": 1 }, "end_va": 85790719, "entry_point": 0, "filename": null, "id": "region_15708", "name": "pagefile_0x00000000051d0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 85786624, "timestamp": "00:05:16.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 532480, "start_va": 1964310528, "type": "region", "version": 1 }, "end_va": 1964843007, "entry_point": 1964310528, "filename": "\\Windows\\SysWOW64\\clbcatq.dll", "id": "region_15709", "name": "clbcatq.dll", "norm_filename": "c:\\windows\\syswow64\\clbcatq.dll", "region_type": "memory_mapped_file", "start_va": 1964310528, "timestamp": "00:05:16.357", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 88342528, "type": "region", "version": 1 }, "end_va": 88346623, "entry_point": 0, "filename": null, "id": "region_15710", "name": "pagefile_0x0000000005440000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 88342528, "timestamp": "00:05:16.358", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 53248, "start_va": 1946157056, "type": "region", "version": 1 }, "end_va": 1946210303, "entry_point": 1946157056, "filename": "\\Windows\\SysWOW64\\wbem\\wbemprox.dll", "id": "region_15711", "name": "wbemprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemprox.dll", "region_type": "memory_mapped_file", "start_va": 1946157056, "timestamp": "00:05:16.360", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 376832, "start_va": 1968177152, "type": "region", "version": 1 }, "end_va": 1968553983, "entry_point": 1968177152, "filename": "\\Windows\\SysWOW64\\ws2_32.dll", "id": "region_15712", "name": "ws2_32.dll", "norm_filename": "c:\\windows\\syswow64\\ws2_32.dll", "region_type": "memory_mapped_file", "start_va": 1968177152, "timestamp": "00:05:16.361", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 417792, "start_va": 1927479296, "type": "region", "version": 1 }, "end_va": 1927897087, "entry_point": 1927479296, "filename": "\\Windows\\SysWOW64\\wbemcomn.dll", "id": "region_15713", "name": "wbemcomn.dll", "norm_filename": "c:\\windows\\syswow64\\wbemcomn.dll", "region_type": "memory_mapped_file", "start_va": 1927479296, "timestamp": "00:05:16.363", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 110592, "start_va": 1945174016, "type": "region", "version": 1 }, "end_va": 1945284607, "entry_point": 1945174016, "filename": "\\Windows\\SysWOW64\\bcrypt.dll", "id": "region_15714", "name": "bcrypt.dll", "norm_filename": "c:\\windows\\syswow64\\bcrypt.dll", "region_type": "memory_mapped_file", "start_va": 1945174016, "timestamp": "00:05:16.365", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 3371008, "start_va": 111280128, "type": "region", "version": 1 }, "end_va": 114651135, "entry_point": 111280128, "filename": "\\Windows\\Globalization\\Sorting\\SortDefault.nls", "id": "region_15715", "name": "sortdefault.nls", "norm_filename": "c:\\windows\\globalization\\sorting\\sortdefault.nls", "region_type": "memory_mapped_file", "start_va": 111280128, "timestamp": "00:05:16.369", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 598016, "start_va": 1998848000, "type": "region", "version": 1 }, "end_va": 1999446015, "entry_point": 1998848000, "filename": "\\Windows\\SysWOW64\\oleaut32.dll", "id": "region_15716", "name": "oleaut32.dll", "norm_filename": "c:\\windows\\syswow64\\oleaut32.dll", "region_type": "memory_mapped_file", "start_va": 1998848000, "timestamp": "00:05:16.370", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 954368, "start_va": 114688000, "type": "region", "version": 1 }, "end_va": 115642367, "entry_point": 114688000, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_15717", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 114688000, "timestamp": "00:05:16.371", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 16384, "start_va": 88408064, "type": "region", "version": 1 }, "end_va": 88424447, "entry_point": 0, "filename": null, "id": "region_15718", "name": "private_0x0000000005450000", "norm_filename": null, "region_type": "private_memory", "start_va": 88408064, "timestamp": "00:05:16.374", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1638400, "start_va": 1925840896, "type": "region", "version": 1 }, "end_va": 1927479295, "entry_point": 1925840896, "filename": "\\Windows\\SysWOW64\\msxml3.dll", "id": "region_15719", "name": "msxml3.dll", "norm_filename": "c:\\windows\\syswow64\\msxml3.dll", "region_type": "memory_mapped_file", "start_va": 1925840896, "timestamp": "00:05:16.380", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 720896, "start_va": 114688000, "type": "region", "version": 1 }, "end_va": 115408895, "entry_point": 0, "filename": null, "id": "region_15720", "name": "private_0x0000000006d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 114688000, "timestamp": "00:05:16.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 2097152, "start_va": 115408896, "type": "region", "version": 1 }, "end_va": 117506047, "entry_point": 0, "filename": null, "id": "region_15721", "name": "private_0x0000000006e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 115408896, "timestamp": "00:05:16.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 458752, "start_va": 114688000, "type": "region", "version": 1 }, "end_va": 115146751, "entry_point": 0, "filename": null, "id": "region_15722", "name": "private_0x0000000006d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 114688000, "timestamp": "00:05:16.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 115343360, "type": "region", "version": 1 }, "end_va": 115408895, "entry_point": 0, "filename": null, "id": "region_15723", "name": "private_0x0000000006e00000", "norm_filename": null, "region_type": "private_memory", "start_va": 115343360, "timestamp": "00:05:16.382", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1441792, "start_va": 115408896, "type": "region", "version": 1 }, "end_va": 116850687, "entry_point": 0, "filename": null, "id": "region_15724", "name": "private_0x0000000006e10000", "norm_filename": null, "region_type": "private_memory", "start_va": 115408896, "timestamp": "00:05:16.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 117440512, "type": "region", "version": 1 }, "end_va": 117506047, "entry_point": 0, "filename": null, "id": "region_15725", "name": "private_0x0000000007000000", "norm_filename": null, "region_type": "private_memory", "start_va": 117440512, "timestamp": "00:05:16.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 117506048, "type": "region", "version": 1 }, "end_va": 119144447, "entry_point": 0, "filename": null, "id": "region_15726", "name": "private_0x0000000007010000", "norm_filename": null, "region_type": "private_memory", "start_va": 117506048, "timestamp": "00:05:16.383", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 913408, "start_va": 115408896, "type": "region", "version": 1 }, "end_va": 116322303, "entry_point": 115408896, "filename": "\\Windows\\SysWOW64\\en-US\\KernelBase.dll.mui", "id": "region_15727", "name": "kernelbase.dll.mui", "norm_filename": "c:\\windows\\syswow64\\en-us\\kernelbase.dll.mui", "region_type": "memory_mapped_file", "start_va": 115408896, "timestamp": "00:05:16.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 116785152, "type": "region", "version": 1 }, "end_va": 116850687, "entry_point": 0, "filename": null, "id": "region_15728", "name": "private_0x0000000006f60000", "norm_filename": null, "region_type": "private_memory", "start_va": 116785152, "timestamp": "00:05:16.384", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 4194304, "start_va": 119144448, "type": "region", "version": 1 }, "end_va": 123338751, "entry_point": 0, "filename": null, "id": "region_15729", "name": "private_0x00000000071a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 119144448, "timestamp": "00:05:16.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 88473600, "type": "region", "version": 1 }, "end_va": 88477695, "entry_point": 88473600, "filename": "\\Windows\\SysWOW64\\msxml3r.dll", "id": "region_15730", "name": "msxml3r.dll", "norm_filename": "c:\\windows\\syswow64\\msxml3r.dll", "region_type": "memory_mapped_file", "start_va": 88473600, "timestamp": "00:05:16.385", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "" ], "ref_process_dump": null, "size": 131072, "start_va": 114688000, "type": "region", "version": 1 }, "end_va": 114819071, "entry_point": 0, "filename": null, "id": "region_15731", "name": "private_0x0000000006d60000", "norm_filename": null, "region_type": "private_memory", "start_va": 114688000, "timestamp": "00:05:16.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 115081216, "type": "region", "version": 1 }, "end_va": 115146751, "entry_point": 0, "filename": null, "id": "region_15732", "name": "private_0x0000000006dc0000", "norm_filename": null, "region_type": "private_memory", "start_va": 115081216, "timestamp": "00:05:16.386", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 1441792, "start_va": 1917911040, "type": "region", "version": 1 }, "end_va": 1919352831, "entry_point": 1917911040, "filename": "\\Windows\\SysWOW64\\urlmon.dll", "id": "region_15733", "name": "urlmon.dll", "norm_filename": "c:\\windows\\syswow64\\urlmon.dll", "region_type": "memory_mapped_file", "start_va": 1917911040, "timestamp": "00:05:16.388", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 503808, "start_va": 1959329792, "type": "region", "version": 1 }, "end_va": 1959833599, "entry_point": 1959329792, "filename": "\\Windows\\SysWOW64\\advapi32.dll", "id": "region_15734", "name": "advapi32.dll", "norm_filename": "c:\\windows\\syswow64\\advapi32.dll", "region_type": "memory_mapped_file", "start_va": 1959329792, "timestamp": "00:05:16.389", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 577536, "start_va": 1965424640, "type": "region", "version": 1 }, "end_va": 1966002175, "entry_point": 1965424640, "filename": "\\Windows\\SysWOW64\\SHCore.dll", "id": "region_15735", "name": "shcore.dll", "norm_filename": "c:\\windows\\syswow64\\shcore.dll", "region_type": "memory_mapped_file", "start_va": 1965424640, "timestamp": "00:05:16.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 278528, "start_va": 1963982848, "type": "region", "version": 1 }, "end_va": 1964261375, "entry_point": 1963982848, "filename": "\\Windows\\SysWOW64\\shlwapi.dll", "id": "region_15736", "name": "shlwapi.dll", "norm_filename": "c:\\windows\\syswow64\\shlwapi.dll", "region_type": "memory_mapped_file", "start_va": 1963982848, "timestamp": "00:05:16.391", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2887680, "start_va": 1919352832, "type": "region", "version": 1 }, "end_va": 1922240511, "entry_point": 1919352832, "filename": "\\Windows\\SysWOW64\\iertutil.dll", "id": "region_15737", "name": "iertutil.dll", "norm_filename": "c:\\windows\\syswow64\\iertutil.dll", "region_type": "memory_mapped_file", "start_va": 1919352832, "timestamp": "00:05:16.393", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 2244608, "start_va": 1949040640, "type": "region", "version": 1 }, "end_va": 1951285247, "entry_point": 1949040640, "filename": "\\Windows\\SysWOW64\\wininet.dll", "id": "region_15738", "name": "wininet.dll", "norm_filename": "c:\\windows\\syswow64\\wininet.dll", "region_type": "memory_mapped_file", "start_va": 1949040640, "timestamp": "00:05:16.398", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 958464, "start_va": 1968570368, "type": "region", "version": 1 }, "end_va": 1969528831, "entry_point": 1968570368, "filename": "\\Windows\\SysWOW64\\ole32.dll", "id": "region_15739", "name": "ole32.dll", "norm_filename": "c:\\windows\\syswow64\\ole32.dll", "region_type": "memory_mapped_file", "start_va": 1968570368, "timestamp": "00:05:16.401", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 479232, "start_va": 1945567232, "type": "region", "version": 1 }, "end_va": 1946046463, "entry_point": 1945567232, "filename": "\\Windows\\SysWOW64\\uxtheme.dll", "id": "region_15740", "name": "uxtheme.dll", "norm_filename": "c:\\windows\\syswow64\\uxtheme.dll", "region_type": "memory_mapped_file", "start_va": 1945567232, "timestamp": "00:05:16.406", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1638400, "start_va": 123338752, "type": "region", "version": 1 }, "end_va": 124977151, "entry_point": 0, "filename": null, "id": "region_15741", "name": "private_0x00000000075a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 123338752, "timestamp": "00:05:16.407", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 4096, "start_va": 88539136, "type": "region", "version": 1 }, "end_va": 88543231, "entry_point": 0, "filename": null, "id": "region_15742", "name": "pagefile_0x0000000005470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 88539136, "timestamp": "00:05:16.412", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 753664, "start_va": 117506048, "type": "region", "version": 1 }, "end_va": 118259711, "entry_point": 0, "filename": null, "id": "region_15743", "name": "pagefile_0x0000000007010000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 117506048, "timestamp": "00:05:16.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 119078912, "type": "region", "version": 1 }, "end_va": 119144447, "entry_point": 0, "filename": null, "id": "region_15744", "name": "private_0x0000000007190000", "norm_filename": null, "region_type": "private_memory", "start_va": 119078912, "timestamp": "00:05:16.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable" ], "ref_process_dump": null, "size": 16384, "start_va": 88539136, "type": "region", "version": 1 }, "end_va": 88555519, "entry_point": 0, "filename": null, "id": "region_15745", "name": "pagefile_0x0000000005470000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 88539136, "timestamp": "00:05:16.413", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 118784, "start_va": 1945436160, "type": "region", "version": 1 }, "end_va": 1945554943, "entry_point": 1945436160, "filename": "\\Windows\\SysWOW64\\dwmapi.dll", "id": "region_15746", "name": "dwmapi.dll", "norm_filename": "c:\\windows\\syswow64\\dwmapi.dll", "region_type": "memory_mapped_file", "start_va": 1945436160, "timestamp": "00:05:16.414", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 1048576, "start_va": 123338752, "type": "region", "version": 1 }, "end_va": 124387327, "entry_point": 0, "filename": null, "id": "region_15747", "name": "private_0x00000000075a0000", "norm_filename": null, "region_type": "private_memory", "start_va": 123338752, "timestamp": "00:05:16.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 65536, "start_va": 124911616, "type": "region", "version": 1 }, "end_va": 124977151, "entry_point": 0, "filename": null, "id": "region_15748", "name": "private_0x0000000007720000", "norm_filename": null, "region_type": "private_memory", "start_va": 124911616, "timestamp": "00:05:16.418", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 77824, "start_va": 1945305088, "type": "region", "version": 1 }, "end_va": 1945382911, "entry_point": 1945305088, "filename": "\\Windows\\SysWOW64\\cryptsp.dll", "id": "region_15749", "name": "cryptsp.dll", "norm_filename": "c:\\windows\\syswow64\\cryptsp.dll", "region_type": "memory_mapped_file", "start_va": 1945305088, "timestamp": "00:05:16.436", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 192512, "start_va": 1944977408, "type": "region", "version": 1 }, "end_va": 1945169919, "entry_point": 1944977408, "filename": "\\Windows\\SysWOW64\\rsaenh.dll", "id": "region_15750", "name": "rsaenh.dll", "norm_filename": "c:\\windows\\syswow64\\rsaenh.dll", "region_type": "memory_mapped_file", "start_va": 1944977408, "timestamp": "00:05:16.437", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 114819072, "type": "region", "version": 1 }, "end_va": 115081215, "entry_point": 0, "filename": null, "id": "region_15751", "name": "private_0x0000000006d80000", "norm_filename": null, "region_type": "private_memory", "start_va": 114819072, "timestamp": "00:05:16.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 116326400, "type": "region", "version": 1 }, "end_va": 116588543, "entry_point": 0, "filename": null, "id": "region_15752", "name": "private_0x0000000006ef0000", "norm_filename": null, "region_type": "private_memory", "start_va": 116326400, "timestamp": "00:05:16.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 116850688, "type": "region", "version": 1 }, "end_va": 117112831, "entry_point": 0, "filename": null, "id": "region_15753", "name": "private_0x0000000006f70000", "norm_filename": null, "region_type": "private_memory", "start_va": 116850688, "timestamp": "00:05:16.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 117112832, "type": "region", "version": 1 }, "end_va": 117374975, "entry_point": 0, "filename": null, "id": "region_15754", "name": "private_0x0000000006fb0000", "norm_filename": null, "region_type": "private_memory", "start_va": 117112832, "timestamp": "00:05:16.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 118292480, "type": "region", "version": 1 }, "end_va": 118554623, "entry_point": 0, "filename": null, "id": "region_15755", "name": "private_0x00000000070d0000", "norm_filename": null, "region_type": "private_memory", "start_va": 118292480, "timestamp": "00:05:16.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 262144, "start_va": 118554624, "type": "region", "version": 1 }, "end_va": 118816767, "entry_point": 0, "filename": null, "id": "region_15756", "name": "private_0x0000000007110000", "norm_filename": null, "region_type": "private_memory", "start_va": 118554624, "timestamp": "00:05:16.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2129698816, "type": "region", "version": 1 }, "end_va": 2129711103, "entry_point": 0, "filename": null, "id": "region_15757", "name": "private_0x000000007ef0a000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129698816, "timestamp": "00:05:16.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2129711104, "type": "region", "version": 1 }, "end_va": 2129723391, "entry_point": 0, "filename": null, "id": "region_15758", "name": "private_0x000000007ef0d000", "norm_filename": null, "region_type": "private_memory", "start_va": 2129711104, "timestamp": "00:05:16.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "max_num_dumps_reached" ], "info": "No dump was created because the maximum number of dumps was reached", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 12288, "start_va": 2130931712, "type": "region", "version": 1 }, "end_va": 2130943999, "entry_point": 0, "filename": null, "id": "region_15759", "name": "private_0x000000007f037000", "norm_filename": null, "region_type": "private_memory", "start_va": 2130931712, "timestamp": "00:05:16.443", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 69632, "start_va": 1943994368, "type": "region", "version": 1 }, "end_va": 1944063999, "entry_point": 1943994368, "filename": "\\Windows\\SysWOW64\\wbem\\wbemsvc.dll", "id": "region_15760", "name": "wbemsvc.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wbemsvc.dll", "region_type": "memory_mapped_file", "start_va": 1943994368, "timestamp": "00:05:16.449", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 770048, "start_va": 1925054464, "type": "region", "version": 1 }, "end_va": 1925824511, "entry_point": 1925054464, "filename": "\\Windows\\SysWOW64\\wbem\\fastprox.dll", "id": "region_15761", "name": "fastprox.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\fastprox.dll", "region_type": "memory_mapped_file", "start_va": 1925054464, "timestamp": "00:05:16.455", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "pagefile_backed_regions_ignored" ], "info": "No dump created because pagefile backed regions are disabled in the configuration", "permissions": [ "readable", "writable" ], "ref_process_dump": null, "size": 53248, "start_va": 115146752, "type": "region", "version": 1 }, "end_va": 115199999, "entry_point": 0, "filename": null, "id": "region_15762", "name": "pagefile_0x0000000006dd0000", "norm_filename": null, "region_type": "pagefile_backed_memory", "start_va": 115146752, "timestamp": "00:05:16.483", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable", "writable", "executable" ], "ref_process_dump": null, "size": 122880, "start_va": 1943732224, "type": "region", "version": 1 }, "end_va": 1943855103, "entry_point": 1943732224, "filename": "\\Windows\\SysWOW64\\wbem\\wmiutils.dll", "id": "region_15867", "name": "wmiutils.dll", "norm_filename": "c:\\windows\\syswow64\\wbem\\wmiutils.dll", "region_type": "memory_mapped_file", "start_va": 1943732224, "timestamp": "00:05:17.487", "type": "region", "version": 1 }, { "dump": { "filename": "", "flags": [ "unmonitored" ], "info": "No dump was created because region is not monitored", "permissions": [ "readable" ], "ref_process_dump": null, "size": 20480, "start_va": 115146752, "type": "region", "version": 1 }, "end_va": 115167231, "entry_point": 115146752, "filename": "\\Windows\\SysWOW64\\wbem\\en-US\\wmiutils.dll.mui", "id": "region_15868", "name": "wmiutils.dll.mui", "norm_filename": "c:\\windows\\syswow64\\wbem\\en-us\\wmiutils.dll.mui", "region_type": "memory_mapped_file", "start_va": 115146752, "timestamp": "00:05:17.488", "type": "region", "version": 1 } ], "terminate_reason": "terminated", "type": "monitored_process", "unmonitor_reason": "terminated_by_timeout", "version": 1 } ], "remarks": { "critical": [], "non_critical": [ { "comment": "The maximum number of dumps was reached during the analysis. Some memory dumps may be missing in the reports. You can increase the limit in the configuration.", "id": 2048, "type": "remark", "version": 1 }, { "comment": "The dump total size limit was reached during the analysis. Some memory dump may be missing in the reports. You can increase the limit in the configuration.", "id": 512, "type": "remark", "version": 1 }, { "comment": "The operating system was rebooted during the analysis.", "id": 128, "type": "remark", "version": 1 } ], "type": "remarks", "version": 1 }, "sample_details": { "filename": "bi35.exe", "id": 21000, "md5_hash": "2548e6fc9eb17e55d22dcfb4bf27212d", "sample_type": "windows_exe_(x86-32)", "sha1_hash": "93dd44a5f16cedd2f4793bd8b9a19523d49fc9e8", "sha256_hash": "5d53050a1509bcc9d97552fa52c1105b51967f4ccf2bde717b502605db1b5011", "size": 131584, "type": "sample_details", "version": 1 }, "screenshots": [ { "screenshot_archive_path": "screenshots/screenshot_0.png", "size": 534362, "thumbnail_archive_path": "screenshots/thumbnail_0.png", "timestamp": "00:00:00.000", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_26047.png", "size": 250528, "thumbnail_archive_path": "screenshots/thumbnail_26047.png", "timestamp": "00:00:26.047", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_28128.png", "size": 534141, "thumbnail_archive_path": "screenshots/thumbnail_28128.png", "timestamp": "00:00:28.128", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_58657.png", "size": 8735, "thumbnail_archive_path": "screenshots/thumbnail_58657.png", "timestamp": "00:00:58.657", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_79351.png", "size": 3848, "thumbnail_archive_path": "screenshots/thumbnail_79351.png", "timestamp": "00:01:19.351", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_99064.png", "size": 9276, "thumbnail_archive_path": "screenshots/thumbnail_99064.png", "timestamp": "00:01:39.064", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_100072.png", "size": 458936, "thumbnail_archive_path": "screenshots/thumbnail_100072.png", "timestamp": "00:01:40.072", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_107163.png", "size": 529620, "thumbnail_archive_path": "screenshots/thumbnail_107163.png", "timestamp": "00:01:47.163", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_117595.png", "size": 276390, "thumbnail_archive_path": "screenshots/thumbnail_117595.png", "timestamp": "00:01:57.595", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_137998.png", "size": 272730, "thumbnail_archive_path": "screenshots/thumbnail_137998.png", "timestamp": "00:02:17.998", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_153200.png", "size": 277840, "thumbnail_archive_path": "screenshots/thumbnail_153200.png", "timestamp": "00:02:33.200", "type": "screenshot", "version": 1 }, { "screenshot_archive_path": "screenshots/screenshot_154468.png", "size": 272440, "thumbnail_archive_path": "screenshots/thumbnail_154468.png", "timestamp": "00:02:34.468", "type": "screenshot", "version": 1 } ], "type": "summary", "version": 1, "vm_and_analyzer_details": { "adobe_acrobat_reader_version": "not_installed", "analyzer_build_date": "2018-01-26 18:27", "analyzer_version": "2.2.0", "chrome_version": "58.0.3029.110", "firefox_version": "53.0.3", "flash_version": "25.0.0.148", "internet_explorer_version": "11.0.10240.16384", "java_version": "8.0.1310.11", "microsoft_excel_version": "not_installed", "microsoft_office_version": "not_installed", "microsoft_power_point_version": "not_installed", "microsoft_project_version": "not_installed", "microsoft_publisher_version": "not_installed", "microsoft_visio_version": "not_installed", "microsoft_word_version": "not_installed", "silverlight_version": "not_installed", "type": "vm_and_analyzer_details", "version": 1, "vm_architecture": "x86_64-bit", "vm_kernel_version": "10.0.10240.16384_(c68ee22f-dcf6-4778-95c5-4a862be16567)", "vm_name": null, "vm_os": "windows_10_threshold_1" }, "vti": { "type": "vti", "version": 1, "vti_built_in_rules_version": "2.6", "vti_rule_matches": [ { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_dynamic_api_usage", "operation_desc": "Dynamic API usage", "ref_gfncalls": [ { "ref_id": "gfn_566", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_dynamic_api_usage_by_api", "technique_desc": "Resolve above average number of APIs.", "technique_path": "built_in._anti_analysis._dynamic_api_usage.vmray_dynamic_api_usage_by_api", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "read" ], "reg_key_name": "HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_anti_analysis", "category_desc": "Anti Analysis", "operation": "_detect_vm", "operation_desc": "Try to detect virtual machine", "ref_gfncalls": [ { "ref_id": "gfn_654", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_detect_generic_vm_by_registry", "technique_desc": "Readout system information, commonly used to detect VMs via registry. (Value \"Identifier\" in key \"HKEY_LOCAL_MACHINE\\HARDWARE\\DESCRIPTION\\System\\CentralProcessor\\0\").", "technique_path": "built_in._anti_analysis._detect_vm.vmray_detect_generic_vm_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "Global\\pc_group=WORKGROUP&ransom_id=dce1bb8bd2ca4def", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_660", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"Global\\pc_group=WORKGROUP&ransom_id=dce1bb8bd2ca4def\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [ { "mutex_name": "firefox browser", "operations": [ "access" ], "type": "mutex_artifact", "version": 1 } ], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_install_ipc_endpoint", "operation_desc": "Create system object", "ref_gfncalls": [ { "ref_id": "gfn_701", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_ipc_endpoint", "technique_desc": "Create mutex with name \"firefox browser\".", "technique_path": "built_in._process._install_ipc_endpoint.vmray_install_ipc_endpoint", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [ { "operations": [ "write" ], "reg_key_name": "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce", "type": "registry_artifact", "version": 1 } ], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_751", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_registry", "technique_desc": "Add \"\"C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\tubcvd.exe\"\" to windows startup via registry.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_registry", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_821", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"nslookup gandcrab.bit a.dnspod.com\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [ { "ip_address": "101.226.79.205", "type": "ip_address_artifact", "version": 1 }, { "ip_address": "112.90.141.215", "type": "ip_address_artifact", "version": 1 } ], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_request_dns", "operation_desc": "Perform DNS request", "ref_gfncalls": [ { "ref_id": "gfn_834", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_request_dns_by_name", "technique_desc": "Resolve host name \"a.dnspod.com\".", "technique_path": "built_in._network._request_dns.vmray_request_dns_by_name", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\gdcb-decrypt.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_modify_certificate_store", "operation_desc": "Modify certificate store", "ref_gfncalls": [ { "ref_id": "gfn_3013", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_add_certificate_by_file", "technique_desc": "Add a certificate to the local \"gdcb-decrypt.txt\" by file.", "technique_path": "built_in._os._modify_certificate_store.vmray_add_certificate_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\gdcb-decrypt.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_modify_certificate_store", "operation_desc": "Modify certificate store", "ref_gfncalls": [ { "ref_id": "gfn_3021", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_add_certificate_by_file", "technique_desc": "Add a certificate to the local \"my\" gdcb-decrypt.txt list by file.", "technique_path": "built_in._os._modify_certificate_store.vmray_add_certificate_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\Certificates\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\certificates\\gdcb-decrypt.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_modify_certificate_store", "operation_desc": "Modify certificate store", "ref_gfncalls": [ { "ref_id": "gfn_3029", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_add_certificate_by_file", "technique_desc": "Add a certificate to the local \"my\" certificate list by file.", "technique_path": "built_in._os._modify_certificate_store.vmray_add_certificate_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CRLs\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\crls\\gdcb-decrypt.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_modify_certificate_store", "operation_desc": "Modify certificate store", "ref_gfncalls": [ { "ref_id": "gfn_3037", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_add_certificate_by_file", "technique_desc": "Add a certificate to the local \"my\" revocation list by file.", "technique_path": "built_in._os._modify_certificate_store.vmray_add_certificate_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\SystemCertificates\\My\\CTLs\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\systemcertificates\\my\\ctls\\gdcb-decrypt.txt", "operations": [ "write" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_os", "category_desc": "OS", "operation": "_modify_certificate_store", "operation_desc": "Modify certificate store", "ref_gfncalls": [ { "ref_id": "gfn_3045", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_add_certificate_by_file", "technique_desc": "Add a certificate to the local \"my\" certificate trust list by file.", "technique_path": "built_in._os._modify_certificate_store.vmray_add_certificate_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\\\GDCB-DECRYPT.txt", "hashes": [ { "md5_hash": "053ca5bf559f67e020012e7c77b9f0a4", "sha1_hash": "62396f13c1b0faaaec77a52a959100ac8552e65d", "sha256_hash": "67c5ec74051bc364794af65d14089e0b757a7d0eae1080089190274e148984f5", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gdcb-decrypt.txt", "operations": [ "access" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_persistence", "category_desc": "Persistence", "operation": "_install_startup_script", "operation_desc": "Install system startup script or application", "ref_gfncalls": [ { "ref_id": "gfn_4066", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_install_startup_script_by_file", "technique_desc": "Add \"c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\microsoft\\windows\\start menu\\programs\\startup\\gdcb-decrypt.txt\" to windows startup folder.", "technique_path": "built_in._persistence._install_startup_script.vmray_install_startup_script_by_file", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\cookies.sqlite", "hashes": [ { "md5_hash": "4864d87fd4fafa8706618691582d50eb", "sha1_hash": "b7fab54eafe8660767e4a2dcc11ad89c10acb231", "sha256_hash": "37aaf1db4f046763e91f881840cdca0454bb317906fa2394a42cdae2d07f233c", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\cookies.sqlite", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_cookies", "operation_desc": "Read data related to browser cookies", "ref_gfncalls": [ { "ref_id": "gfn_4691", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_cookies", "technique_desc": "Read Cookies for \"Mozilla Firefox\".", "technique_path": "built_in._browser._browser_data_cookies.vmray_read_browser_cookies", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\key3.db", "hashes": [ { "md5_hash": "19198bf743d858949597941a7667772d", "sha1_hash": "6c753754225579ccf0964dad36af8dd673a729bc", "sha256_hash": "1d72a7021ec432f1fb582d0c23b0a650c95dbc89b37623af7d333a2f39c26e11", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\key3.db", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_credentials", "operation_desc": "Read data related to saved browser credentials", "ref_gfncalls": [ { "ref_id": "gfn_5118", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 3, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_master_key", "technique_desc": "Read the master key for \"Mozilla Firefox\".", "technique_path": "built_in._browser._browser_data_credentials.vmray_read_browser_master_key", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [ { "filename": "C:\\Users\\CIiHmnxMn6Ps\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\8i341t8m.default\\places.sqlite", "hashes": [ { "md5_hash": "3ab16d235b46fffed29dda7fe31787a0", "sha1_hash": "1ba8034558d85940390c10caa7b2ab09dcada2f5", "sha256_hash": "8b95953b69d7ff6000349477f52fd40a2cb515d08e8620adac189ebc7b58cb3e", "type": "file_hash", "version": 1 } ], "norm_filename": "c:\\users\\ciihmnxmn6ps\\appdata\\roaming\\mozilla\\firefox\\profiles\\8i341t8m.default\\places.sqlite", "operations": [ "read" ], "type": "file_artifact", "version": 1 } ], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_browser", "category_desc": "Browser", "operation": "_browser_data_history", "operation_desc": "Read data related to browsing history", "ref_gfncalls": [ { "ref_id": "gfn_5236", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_read_browser_history", "technique_desc": "Read browsing history and related data, such as bookmarks, for \"Mozilla Firefox\".", "technique_path": "built_in._browser._browser_data_history.vmray_read_browser_history", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_11122", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\wbem\\wmic\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_process", "category_desc": "Process", "operation": "_create_process_with_hidden_window", "operation_desc": "Create process with hidden window", "ref_gfncalls": [ { "ref_id": "gfn_41823", "ref_source": "glog", "ref_type": "gfncall", "type": "reference", "version": 1 } ], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_process_with_hidden_window", "technique_desc": "The process \"C:\\Windows\\system32\\wbem\\wmic.exe\" starts with hidden window.", "technique_path": "built_in._process._create_process_with_hidden_window.vmray_create_process_with_hidden_window", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_create_many_files", "operation_desc": "Create many files", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_create_many_files", "technique_desc": "Create above average number of files.", "technique_path": "built_in._file_system._create_many_files.vmray_create_many_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_file_system", "category_desc": "File System", "operation": "_encrypt_user_files", "operation_desc": "Encrypt content of user files", "ref_gfncalls": [], "rule_score": 5, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_encrypt_user_files", "technique_desc": "Encrypt the content of multiple user files. This is an indicator for ransomware.", "technique_path": "built_in._file_system._encrypt_user_files.vmray_encrypt_user_files", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_check_external_ip", "operation_desc": "Check external IP address", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_check_external_ip", "technique_desc": "Check external IP by asking IP info service at \"ipv4bot.whatismyipaddress.com/\".", "technique_path": "built_in._network._check_external_ip.vmray_check_external_ip", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_reputation_url_lookup", "operation_desc": "Reputation URL lookup", "ref_gfncalls": [], "rule_score": 2, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_reputation_url_suspicious", "technique_desc": "URL \"78.155.206.6/curl.php?token=1019\" is known as suspicious URL.", "technique_path": "built_in._network._reputation_url_lookup.vmray_reputation_url_suspicious", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"ipv4bot.whatismyipaddress.com/\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 }, { "artifacts": { "files": [], "ips": [], "mutexes": [], "registry": [], "type": "artifacts", "urls": [], "version": 1 }, "category": "_network", "category_desc": "Network", "operation": "_download_data", "operation_desc": "Download data", "ref_gfncalls": [], "rule_score": 1, "rule_type": "built_in", "rule_version": 1, "technique": "vmray_download_data_http_request", "technique_desc": "URL \"78.155.206.6/curl.php?token=1019\".", "technique_path": "built_in._network._download_data.vmray_download_data_http_request", "type": "vti_rule_match", "version": 1 } ], "vti_rule_type": "Default (PE, ...)", "vti_score": 100 }, "yara": { "apply_yara": true, "apply_yara_on_created_files": true, "apply_yara_on_modified_files": true, "apply_yara_on_pcap_file": true, "apply_yara_on_process_dumps": true, "apply_yara_on_sample_files": true, "match_count": 0, "matches": [], "ruleset_count": 7, "type": "yara", "version": 1 } }